Data Protection after Brexit – are you ready?

The government has published new guidance to help businesses and charities of all sizes to continue to comply with data protection laws after 29 March 2019.

Where an Organisation shares personal data with others in the European Economic Area (EEA), they need to take steps to ensure they continue to comply with data protection laws if the UK leaves the EU without a deal.

For UK businesses that only share data within the UK, there is no change.

Personal data refers to any information that could be used to identify a living individual, including a customer’s name, their physical or IP address, or HR functions such as staff working hours and payroll details.

The UK government says it has no plans to impose extra rules on transfers of personal data from the UK to the EEA, so organisations will be able to send personal data to other organisations in the EEA as they do currently.

However, transfers of personal data from the EEA to the UK will become restricted once the UK has left the EU.

Where an Organisation receives personal data from other organisations in the EU, it should consider, with its EEA partners, what changes need to make to ensure that personal data can continue to flow after the exit date.

The Information Commissioner’s Office’s (ICO) has set out a 6-step checklist.

Additional Information

• 7 questions to get guidance relevant to your business when the UK leaves the EU
• ICO Guidance and resources for organisations after Brexit
• General Data Protection Regulation (GDPR) guidance