ComplyGDPR
  • Home
  • Services
    • Staff Training
    • GDPR Self-Audit
    • GDPR Support
    • GDPR Toolkit
    • EU Representative
  • About GDPR
  • Our Team
  • Contact
  • Articles
  • Client Portal

Lingering Post-Brexit Matters

LINGERING POST-BREXIT MATTERS

Adequacy decision for EU-UK data transfers is yet to be confirmed.

It was welcome news when the EU and UK agreed to temporarily allow personal data to continue to flow from the EU to UK for the first few months of 2021, while the EU considers its UK adequacy decision.

Since then, the EU has put forward a draft adequacy decision, which the ICO notes is an “important milestone” in the process. So now we must await outcome of the EDPB’s and EU member states’ deliberations – we hope for a favourable and swift decision!

In the meantime, the ICO continues to advise organisations to be prepared in case the UK adequacy decision is not approved by the EU. In that scenario, UK organisations may need to have additional safeguards in place, such as Standard Contractual Clauses (SCC), to continue to receive personal data from organisations based in the EU.

Meeting new requirements for EU and UK Representatives

If your business does not have an office in the EU and you regularly process personal data of EU candidates, a reminder that GDPR may require you to have an EU Representative.

Your Representative would have various responsibilities, such as: overseeing rights requests from EU data subjects; communicating with EU regulators on behalf of your organisation if a complaint was raised in the EU; and holding a copy of your Record of Processing for EU inspection. With an EU Representative, you benefit from the EU GDPR’s One-Stop-Shop (which the ICO is no longer part of). This means, for example, if you experience a security breach you avoid the risk of potentially being fined by every individual EU state in which individuals have been affected.

For overseas business that do not have an office in the UK, if you regularly process personal data of UK individuals you may also need a UK representative.

Special versions of the EU and UK Representative services provided by Reed Smith’s datarologie team have been tailored for ComplyGDPR clients. With competitive options for our micro and small business clients.

What data protection regulations apply now the Brexit transition period has ended?

  • The UK GDPR took effect from 1st January 2021. (At this stage, it is fundamentally a carbon copy of the EU GDPR at 31st December 2021, but it may diverge over time.)
  • The Data Protection Act (DPA) 2018 still applies. This regulation sits alongside the UK GDPR and also contains special conditions for certain aspects of the UK’s version of GDPR.
  • Privacy and Electronic Communications Regulations (PECR) still applies. This is pertinent for electronic marketing activities (email /phone/text) and website cookies rules.

Reminder: for UK based organisations, the UK GDPR applies to ALL personal data you process. That means you should extend the protection and individual rights provided by UK GDPR to all your data subjects, regardless of where they are located.

Tips: Post-Brexit matters

  • Get straight with the new rules if your organisation has cross-border activities between the UK and EU or between multiple countries within the EEA.
  • Assess whether you may need to appoint an EU representative or a UK representative. If so, publish their details on your website privacy notice.
  • Some of your GDPR records may need to be updated. For example, descriptions of data transfers to the EU or third countries – check your privacy policy, record of processing, DPIAs. Also check your data breach notification process or subjects rights requests handling process is up to date.

How can we help?

  • How can we help?
  • If you are unsure whether you need an EU or UK Representative, ask for our joint ComplyGDPR/datarologies/ReedSmith brochure, which includes a flow chart to help.
    For a copy of our latest post-Brexit checklist, contact our helpline.
  • Next Are Your Legitimate Interests Legit?
  • Previous Costly Website Cookies Mistakes

Newsletter Articles

  • Regulatro Focus for 2021
  • Regulator Enforcement Action
  • Revised Contractual Clauses for UK GDPR
  • Are Your Legitimate Interests Legit?
  • Lingering Post-Brexit Matters

Previous Newsletters

  • June21
  • Updates

Contact Us

  • info@complygdpr.com
  • Mon-Fri 09:30 - 17:00
  • +44 (0)7853 626969
  • Follow us on LinkedIn
  • Twitter

GDPR Leaders Refresher

Next Refresher Workshop For GDPR Leaders
in May 2023

Help your business stay on top of current GDPR obligations & risks.

Contact us to book your place at our next online event.

More about our services...

Recent Posts

  • GDPR News & Tips – Autumn/Winter February 16, 2023
  • What is “GDPR Committed”? January 19, 2023
  • GDPR news & tips – Spring 2022 May 27, 2022

Site

  • Home
  • Services
  • Our Team
  • About GDPR
  • Contact
  • Articles
  • Client Portal
    • Online Modular Implementation Workshop
ComplyGDPR | Privacy Policy | Cookie Policy