Brexit and GDPR
Ciarán O’Hare
GM at Legend Trading. Experienced CEO, INED, Head of Compliance, MLRO and Chief Risk Officer | Fintech | Payments | Crypto
HOW BREXIT AFFECTS DATA PROTECTION IN THE UK:
Brexit will affect data protection in the UK, including international transfers of personal data after the transition period. Now that the UK is no longer an EU member state, the UK has been reclassified as a ‘third country’. This won't make any difference to UK organisations until the end of the transition period in January 2021. If the EU and UK do not reach an adequacy decision by 31 December 2020, organisations in the UK that process EU residents’ personal data will have to rely on other safeguards, such as Binding Corporate Rules or Standard Contractual Clauses.
WHAT TO DO:
Standard Contractual Clauses (data protection agreements) or Binding Corporate Rules will need to be implemented between parties in the UK and EU where personal data will be transferred (if not already in place). This applies to companies where there are UK and EU entities within the group. Standard Contractual Clauses also need to be put in place between companies and their third-party service providers where data transfers from the EU to the UK (if not already in place).
Standard Contractual Clauses are the quickest and easiest way to approach this. They are simple data protection agreements which cover the minimum GDPR requirements. The templates can be downloaded from the ICO website and are easy to understand. Once the types of data, categories of data, data subjects, etc. have been entered into the template (tick-box options are already provided within the template), both parties need to sign and save the contract, at which point the contract is deemed binding.
Binding Corporate Rules are used by multinational companies to allow the free flow of data throughout the company. The problem is that they take approximately 18 months to approve, so they are not very useful given the deadline.
PENALTIES FOR NON-COMPLIANCE:
Infringements of the EU GDPR’s requirements for transferring personal data to third countries or international organisations are subject to the higher level of administrative fines: up to €20 million or 4% of annual global turnover – whichever is greater.
USEFUL TOOLS:
Below is a link to a Data Agreement Template Tool that creates a data agreement for you to use. It is very useful and simple to use.
Operations, Conduct, Risk & Compliance | Supercharging fintech operations
4 years
An adequacy assessment will also need to be done.