Intellectual Property, Information Technology & Cybersecurity
Managing Personal Data Laws in the UK after 31 December 2020
Author: Liz Bell
As a result of the UK leaving the EU, the laws in the UK to manage personal data will change at the end of the transition period (31 December 2020) for all organisations, although the extent of the changes will depend on the current data arrangements.
UK organisations without any suppliers, customers or contacts operating in the EU will only see minimal changes, as the UK moves from GDPR to an equivalent UK GDPR, although privacy notices will need to be reviewed and, where necessary, updated to reflect the change in law.
The biggest changes will be felt by UK organisations who have operations in Europe, whether customers, suppliers or other local businesses. These organisations will need to review their current contracts and operations to ensure that they continue to comply with both EU and UK GDPR rules. Transfers of personal data from the EEA to the UK will be “restricted transfers” under the GDPR, and will be subject to additional protective measures.
Whilst the UK Government remains confident that an adequacy decision will be approved as part of the continuing trade negotiations, a recent decision in the European Court of Justice calling into doubt the consistency of the UK’s surveillance regime with the data protection principles set out in the GDPR makes this less certain. If the UK is not given an “adequacy” decision, organisations will need to be prepared to put in place alternative international data transfer mechanisms.
Both the UK GDPR and the GDPR require controllers and processors to be accountable for compliance, which requires an appropriate record of the decisions taken about what steps need to be taken and how your organisation is complying.
Are you sending personal data to or receiving personal data from an EU country?
Do you offer goods or services to individuals in the EU, which requires a local representative?
If you are not a UK-based organisation but have UK-based customers, do you have a representative?
There are a number of steps that organisations may need to take to comply with the new UK GDPR regime as a result of leaving the EU. Our data protection experts work with businesses and organisations to help them navigate these issues. Contact us at gdpr@blakemorgan.co.uk for specific advice and support.
We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.