UK GDPR 2021: Which act of parliament incorporated GDPR post Brexit?
When it was first announced that the UK was leaving the EU, there was a lot of confusion about how data protection would be handled once we had left. Data protection is a big issue across the world, so what stance has the UK taken on GDPR post Brexit?
By Sonia Older
10 May 2021, UK
What is UK GDPR?
GDPR - the General Data Protection Regulation - is a set of laws put in place to protect the personal data of individuals. This includes all forms of data that can be used to identify a living person, such as names, addresses, phone numbers and other forms of personal data.
UK GDPR has remained very much the same as it was before Brexit. The only difference is its governing body: any changes to the laws now stem from the UK government rather than the European Union.
The ICO (Information Commissioner's Office) is the UK's independent body set up to uphold information rights. Under UK GDPR, the ICO can fine any company that misuses personal data or is responsible for a data breach.
A serious GDPR breach can set you back up to 20 million euros or 4% of annual turnover. The ICO can also issue a ban on data processing or suspend a company’s ability to transfer data to another country, which could damage your business. Therefore, if you suspect a GDPR breach, you should contact your IT support team to investigate immediately!
GDPR post Brexit: how will this affect business partnerships with EU companies
If any part of your business has transactions with EU companies or processes data of EU citizens, you will still be governed by GDPR post Brexit, as all EU citizens are protected by the regulations. And if you have signed any Standard Contractual Clauses (SCCs) that protect data leaving any country in the European Economic Area, not just the EU, then these will still apply.
Which UK act of parliament was created to incorporate GDPR post Brexit
Now that the UK isn’t part of the European Union, the GDPR principles set out by the EU no longer apply within the UK. So which UK act of parliament was created to incorporate GDPR post Brexit?
The updates to the Data Protection Act 2018 incorporated the GDPR used by the EU into UK law. This means that, since leaving the EU in March 2020, there have been few changes to the legislation on data protection, and GDPR still applies in the UK.
Need help with GDPR compliance?
As part of our cyber security packages, we can provide a comprehensive report based on the findings of our specialists that will uncover any GDPR-related network issues and potential breaches. We also offer a multitude of training courses and checks so that your employees can stay up to date with their GDPR compliance.
Laurence Glen, Head of IT at Focus Group, says:
"GDPR has had a huge and lasting impact on data protection; the way companies process data has changed forever. Even after we withdraw from the European Union it will have an influence over our businesses and so it makes sense to continue to be compliant.
But your processes should still be reviewed regularly to ensure you don’t get caught out; fines and sanctions will still bite after Brexit. A GDPR health check is an ideal way to ensure best practice and absolutely essential for any company that processes large amounts of data."