Request a callback today »

No Deal Brexit and GDPR | Essential Business Guide

November 11, 2019 | By: Victoria Owings

no deal brexit and gdprConfused about the effect of a no deal Brexit on GDPR and your business? Read our essential guide for SME’s to let you know what you need to be thinking about now, in preparation for a potential no deal Brexit.
The GDPR (General Data Protection Regulations) were introduced by EU law but have been incorporated into UK law by the Data Protection Act 2018, so ultimately, most things will stay the same regardless of what happens with Brexit.

No Deal Brexit and GDPR | International Data Transfers

This will be the main area your organisation needs to prepare for. Even if you think you don’t transfer personal data internationally, you’d be surprised to find you actually might, even if it’s just where your personal data is stored on a cloud. For those who already comply, the main change will be your transfers to the EEA (EU countries plus Iceland, Norway and Liechtenstein).
1. If you have no contacts or customers in Europe…
As long as you comply with the GDPR and Data Protection Act 2018 now, there is little you need to do in preparation for Brexit.
If you don’t yet comply, get in touch today to find out about the GDPR services we offer to help you become compliant.

2. If you send or receive personal data to or from Europe…
no deal brexit and gdprSending personal data to Europe will not be restricted so you can continue to do so (provided you’re compliant already) without the need for any additional steps. If you receive data from Europe you’ll need to take steps to ensure the data can continue to flow and you can do this by having a contract in place between you and the sender. This is because the sender in the EEA needs to be compliant in order to send data to the UK.
Although it’s their responsibility to ensure they are doing this in line with GDPR, commercially it may be within your interests to assist them to ensure the data continues to flow. This is because the UK would be considered a country that is not listed as adequate and as such there would be limitations in place for EEA countries to transfer data to the UK unless the UK is awarded adequacy status.
However to be awarded adequacy status could take at least 12 months years and is not even guaranteed, so having measures in place now would be advised.
3. If you have a European presence or European customers…
If you have offices or branches in the EEA, your European activities will be covered by EU law. If you are based in the UK but offer goods and services in the EEA you will need to comply with EU data protection laws in regards to those activities. You may also need to appoint a representative in the EEA to act as your local representative. It can’t be your current Data Protection Officer (DPO).
4. If you send or receive personal data to or from countries outside Europe…
This is likely to remain the same and there should be an adoption of current EU adequacy and approved transfer safeguards over time. Therefore if you currently comply, there is unlikely to be much more you need to do.

Documentation

Make sure you update your existing data protection documentation including privacy notices and data protection impact assessments with any changes you make.

Final Thoughts

The above is all based on there being a no deal Brexit without any agreed arrangements in place for data protection. It could all change if there is a deal and we will update our GDPR clients accordingly. A no deal would be worst case scenario so it doesn’t harm by being prepared and understanding what you need to have in place in preparation for this.
For additional advice on your current GDPR compliance or following Brexit, get in touch with our legally trained GDPR practitioners.

About the Author
Victoria Owings
Victoria Owings
Victoria Owings, Author at Wirehouse Employer Services

Prior to joining Wirehouse Employer Services in June 2017 Victoria worked as a consultant for another health and safety consultancy company for over 10 years. Victoria has experience of working in a wide range of different industries including engineering, manufacturing, hospitality, construction, care sector, funeral homes, veterinary practices, dental & doctors surgeries, golf clubs, transport and distribution, pharmaceutical and office environments. She has extensive knowledge with ISO 18001: 45001: Level 5 Achilles Building Confidence. RISQS, SafeContractor, Construction Line, SMAS, CHAS, Exor, Build UK, Altius VA CDM Comply, Eurosafe CDM Competent, Acclaim, Avetta, CQC and FORs.

More from the site

Fire and Rehire – Draft Code April 2023 Your Essential HR Guide

Fire and Rehire – Draft Code April 2023 Your Essential HR Guide

Statutory Minimum Notice Period & Dismissing an Employee

Statutory Minimum Notice Period & Dismissing an Employee

Essential Guide to Parental Bereavement Leave and Pay Act

Essential Guide to Parental Bereavement Leave and Pay Act

Secret Santa HR Issues | Your Essential Guide

Secret Santa HR Issues | Your Essential Guide

Christmas Shopping in the Workplace – an Essential Guide

Christmas Shopping in the Workplace – an Essential Guide

World Cup 2022 | An Absence Management Guide

World Cup 2022 | An Absence Management Guide