"The GDPR is a European directive, therefore after Brexit, will it no longer apply to us?"
It is a question which will have crossed the minds of many business owners in the last few months - why continue to comply with the GDPR, when the UK is set to leave the EU on 29th March? Some may have already abandoned their preparation plans, waiting to see what will happen, but this could turn out to be a costly mistake.
The UK government have made very clear their commitment to data protection. 2018 saw not only the implementation of the GDPR, but also the Data Protection Act 2018, which incorporates many aspects of the GDPR. Whether we leave the EU with a deal, or not, this will still be law.
We regularly see headline news featuring data protection failings of large corporations, and the general reaction of the public is: why is this happening? Why do they not take the responsibility of handling our data more seriously? Instilling trust in clients is vitally important, and demonstrating good data protection measures will do this. It will also reduce the risk of data breaches and other catastrophes which could harm your business.
The Information Commissioner's Office
The ICO have recently issued guidance recommending the steps to take as the UK leaves the EU.
1. Continue to comply: Continue to apply GDPR standards and follow current ICO guidance. If you have a DPO, they can continue in the same role for both the UK and Europe.
2. Transfers to the UK: Review your data flows and identify where you receive data into the UK from the EEA. Think about what GDPR safeguards you can put in place to ensure that data can continue to flow once we are outside the EU.
3. Transfers from the UK: Review your data flows and identify where you transfer data from the UK to any country outside the UK, as these will fall under new UK transfer and documentation provisions.
4. European operations: If you operate across Europe, review your structure, processing operations and data flows to assess how the UK’s exit from the EU will affect the data protection regimes that apply to you.
5. Documentation: Review your privacy information and your internal documentation to identify any details that will need updating when the UK leaves the EU.
6. Organisational awareness: Make sure key people in your organisation are aware of these key issues. Include these steps in any planning for leaving the EU, and keep up to date with the latest information and guidance.
The message is very clear - GDPR preparations and compliance are essential. If your day-to-day data management is difficult to handle or the prospect of even starting is daunting, click here for a low-cost, effective solution.