If your business operates only within the UK, you may not need to do much to prepare for data protection after the UK leaves the EU, popularly known as Brexit. The UK is committed to the high standards of data protection set out in the General Data Protection Regulation (GDPR), and the government plans to incorporate the GDPR into UK law when we leave. Therefore, your best preparation for the future UK regime is to ensure that you are effectively complying with the GDPR now.
Below is a six-point checklist that you should be aware of. You can use this checklist to work out whether you will be affected once we leave the EU, and take some key steps to prepare.
- You need to continue to apply GDPR standards and follow current Information Commissioner’s Office (ICO) guidance. If you have a data protection officer (DPO), they can continue in the same role for both the UK and Europe.
- You also have to review your data flows and identify where you receive data into the UK from the European Economic Area (EEA). Think about what GDPR safeguards you can put in place to ensure that data can continue to flow once we are outside the EU. You may want to consider putting standard contractual clauses (SCCs) in place if you are receiving data from the EEA.
- You have to review your data flows and identify where you transfer data from the UK to any country outside the UK, as these will fall under new UK transfer and documentation provisions.
- If you operate across Europe, review your structure, processing operations and data flows to assess how the UK’s exit from the EU will affect the data protection regimes that apply to you.
- You need to review your privacy information and your internal documentation to identify any details that will need updating when the UK leaves the EU. You may also need to review existing data protection impact assessments if they involve data transfers between the UK and the EEA.
- Finally, you have to make sure key people in your organisation are aware of these key issues. Include these steps in any planning for leaving the EU, and keep up to date with the latest information and guidance.
You may find it more difficult to ensure continuity if you leave your preparations until the last minute. It would also be useful to review your organisation’s risk register, if you have one.
We hope these points have given you clarity on what needs to be done to keep your business running smoothly while following the important rules and regulations. We will bring you more informative and educational articles like this to keep you abreast of necessary information as we all gear up for 29 March 2019, when the UK formally leaves the EU.