GDPR and BREXIT Simplified
The General Data Protection Regulation – GDPR was approved and adopted by the EU (European Union) Parliament in April 2016, after a two year transition period the regulation came into force 25 May 2018.
The GDPR applies to all organisations large medium or small who are based in the EU and those with EU citizens as customers. It has an extraterritorial effect, so non-EU countries are also affected.
The UK decided to leave the European Union 31 January 2020 and entered a Brexit transition period till December 2020 allowing time to negotiate a new relationship with the EU.
During the transition period, companies and organisations that offer goods or services to people in the EU, it will be business as usual, so they won’t need to take any immediate action or appoint a representative in European Economic Area (EEA). The Information Commissioners Office (ICO) will continue to act as the lead supervisory authority for businesses and organisations operating in the UK.
What happens at the end of the transition period?
The GDPR is an EU Regulation so in principle, it will no longer apply to the UK from the end of the transition period.
Depending on negotiations during the transition period, the default position is: the GDPR will be brought into UK law as the ‘UK GDPR’ in practice there should be little change to the core data protection principles, rights and obligations found in the current GDPR.
This will be the default position if the outcome is a no-deal Brexit.
From the end of the transition period, GDPR transfer rules will apply to any data coming from the EEA into the UK. Businesses and organisation need to consider what GDPR safeguards they can put in place now to ensure that data can continue to flow into the UK.
Steps to take NOW
- If you are a UK business or organisation that does not currently comply with the GDPR the best preparation you can do for data protection post Brexit is to comply with the GDPR now.
- If you are a UK business or organisation that does not have contacts or customers in the EEA, and you already comply with the GDPR, the best preparation you can do for data protection post Brexit is to review your current privacy information and documentation to identify any changes that need to be made.
Get the full article
The information contained within this article does in no way constitute legal advice. While we strive to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, templates, or related graphics contained on the website. Any reliance you place on such information is therefore strictly at your own risk.