Latest News

Shopping Cart

No products in the basket.

Subscribe
From education to employment

Data Protection, GDPR and #Brexit – Is your organisation prepared?

Department for Digital, Culture, Media and Sport (DCMS) January 28, 2019
0 Comments

Guidance to help businesses and charities continue to comply with data protection law after 29 March.

If your organisation shares personal data with organisations in the European Economic Area (EEA), you will need to take steps to ensure you continue to comply with data protection laws if the UK leaves the EU without a deal. For UK businesses that only share data within the UK, there will be no change.

Personal data refers to any information that can be used to identify a living individual, including a customer’s name, their physical or IP address, or HR functions such as staff working hours and payroll details.

The UK does not intend to impose additional requirements on transfers of personal data from the UK to the EEA, therefore, organisations will be able to send personal data to organisations in the EEA as they do currently.

However, transfers of personal data from the EEA to the UK will become restricted once the UK has left the EU.

Therefore, if your organisation receives personal data from organisations in the EU you should consider, with your EEA partners, what changes you may need to make to ensure that personal data can continue to flow after the exit date.

These changes will affect organisations both large and small. To help your organisation take the right action now use the Information Commissioner’s Office’s (ICO) guidance and follow its 6 steps checklist:

Leaving the EU – six steps to take

  1. Continue to comply: Continue to apply GDPR standards and follow current ICO guidance. If you have a DPO, they can continue in the same role for both the UK and the Europe.
  2. Transfers to the UK: Review your data flows and identify where you receive data into the UK from the EEA. Think about what GDPR safeguards you can put in place to ensure that data can continue to flow once we are outside the EU.
  3. Transfers from the UK: Review your data flows and identify where you transfer data from the UK to any country outside the UK, as these will fall under new UK transfer and documentation provisions.
  4. European operations: If you operate across Europe, review your structure, processing operations and data flows to assess how the UK’s exit from the EU will affect the data protection regimes that apply to you.
  5. Documentation: Review your privacy information and your internal documentation to identify any details that will need updating when the UK leaves the EU.
  6. Organisational awareness: Make sure key people in your organisation are aware of these key issues. Include these steps in any planning for leaving the EU, and keep up to date with the latest information and guidance.
Published in: Skills and Apprenticeships - News and Insights
Department for Digital, Culture, Media and Sport (DCMS)

Related Articles

Responses

Report

Contains abusive or derogatory content
Contains mature or sensitive content
Contains misleading or false information
Contains spam, fake content or potential malware
Harassment or bullying behavior

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts

Please allow a few minutes for this process to complete.

Report

You have already reported this .