Around 2016, all people in the UK were talking about was Brexit. Around 2018, all people were talking about was the General Data Protection Regulation (or GDPR for those “in the know”). And now that the UK has left the EU, a lot of people have questions about how this has changed data protection compliance.
Brexit and data protection needn’t be the rock and the hard place scenario that it seems. Nor do you need to throw out everything you knew about the EU GDPR just because the UK has left the EU.
What’s important to know is that since the end of the transition period on the 1st January 2021, Brexit has impacted data protection, but it hasn’t completely overhauled it.
In the UK, businesses still largely subscribe to most of the EU GDPR rules, but with some changes to help it work better with UK law. For example, exemptions of certain rules for matters of national security, and having fines in pounds rather than euros.
The impact of Brexit on data protection
This “UK GDPR” operates in conjunction with the Data Protection Act 2018 (DPA), which you may already know, and which assists and supplements the UK GDPR by providing for permitted exceptions and derogations.
Another point to note is that from the end of the transition period, UK data controllers will no longer have access to the EU one-stop-shop mechanism, although the UK and EU agreed that there should still be ongoing cooperation between the UK and EU data protection supervisory bodies.
Further, UK data controllers and processors should be aware that they may still be caught by the requirements of the EU GDPR if they are established within the EU or are offering goods to or monitoring the behaviour of EU citizens.
As such, it’s advisable that UK data controllers reassess their data processing activities to reflect these Brexit-related changes.
For non-UK businesses, there are also implications. Organisations based outside the UK but which are established within the UK, or which are offering goods to or monitoring the behaviour of UK citizens, will have to abide by UK GDPR.
Despite these changes, there’s no reason standards of data protection in the UK relative to those of the EU should slip, and the EU-UK Trade and Co-operation Agreement (TCA) still allows the free flow of data between the UK and European Economic Area countries until the end of June 2021. By then, the EU hopes to have adopted an adequacy decision in respect of the UK.
Get the latest online training on GDPR, post-Brexit
Here at SAP Litmos, we understand that up-to-date training content is vital for business compliance. So, we’ve updated our GDPR courses to reflect the post-Brexit landscape.
Please use this guide to help decide which course is right for your organisation.
In the SAP Litmos Training Content March 2021 course release, you’ll find an updated Compliance Essentials – General Data Protection Regulation course.
Please keep your eyes peeled for the April course release, which will include updated versions of General Data Protection Regulation, GDPR Express, Assess and Learn General Data Protection Regulation, and Data Subject Access Requests.
If you are a UK-based organisation, your employees may have Brexit-related questions on matters other than GDPR. Please see the March course release, which includes a new course, Brexit – What It Means for My Business (UK). It explains the basics regarding the UK’s withdrawal from the EU, the changes it will bring at work, and how everyone will need to adapt.
Still, it’s important to bear in mind that this is a new set of circumstances for everyone. The transition period may be over, and although both the UK and EU have committed to maintaining the same level of data protection standards, that doesn’t mean there won’t be changes to either party’s data protection rules in the future.
The best thing you can do, as ever, is remain vigilant, and try to keep on top of things. For our part, we’ll continue to update our courses for you whenever there’s new information. And hopefully we’ll be able to find topics of conversation besides international politics and data protection to talk about in the coming years!