Data Protection and Brexit - Is your organisation prepared?
If your organisation shares personal data with businesses or organisations in the European Economic Area (EEA), you will need to take steps to ensure you continue to comply with data protection laws if the UK leaves the EU without a deal.
Personal data refers to any information that can be used to identify a living individual, including a customer’s name, their physical or IP address, or HR functions such as staff working hours and payroll details.
Although the UK’s own data protection standards would remain the same, there would be changes to how personal data transfers from the EU/EEA to the UK. This could affect your organisation.
Therefore, if your organisation receives personal data from organisations in the EU you should consider, with your EEA partners, what changes you may need to make to ensure that data can continue to flow after the exit date. These changes will affect organisations both large and small.
It is important for organisations, as a priority, to review whether they would be affected.
Minister calls on SMEs to prepare data ahead of EU exit
Digital Minister Margot James has issued a reminder to SMEs to ensure that they’ve got plans in place so that they don’t lose access to vital data flows if the UK leaves the EU without a deal.
Digital Minister Margot James said: “I know that personal data plays a hugely important role in day to day business. The current uncertainty around Brexit is of great concern and businesses need to take action to limit the risk of potential disruption if a no deal were to happen. I would urge all companies to check the Information Commissioner's Office guidance on their website, and make sure that they are as prepared as possible.”
The Government has already introduced robust new data laws through the 2018 Data Protection Act. This included giving people more power and control over their data and strengthening the powers of the ICO.
In the event of a deal, through the Withdrawal Agreement, the government has made plans to secure ‘data adequacy decisions’ from the EU. This will ensure UK and EU firms can carry on exchanging personal data like they do now.
Prepare your organisation for the UK leaving the EU by answering these 7 simple questions.
- What does your business do?
- Do you sell goods in the UK, import or do business abroad?
- Do you employ anyone from another European country?
- Does your business exchange personal data with another organisation in Europe?
- Does your business use or rely on intellectual property (IP) protection? (IP protection includes copyright, trademarks and patents)
- Does your business get EU or UK government funding?
- Does your business sell to the public sector?
For practical support and advice you can call the ICO helpline on 0303 123 1113. You can also find out more by visiting www.gov.uk