What will be the impact of the General Data Protection Regulation (GDPR) on your business post Brexit? We can help.
The UK government has confirmed that the UK will be implementing the General Data Protection Regulation (GDPR).
When the GDPR comes into effect on 25th May 2018, the UK will still be a member of the EU, so the GDPR will automatically replace the existing Data Protection Act.
Compliance with the new regulation will be required until Brexit in 2019. At that point we expect to have received guidance from the government with regard to replacement legislation. However, this is expected to be very similar to the GDPR to enable the UK to continue trading with EU member states.
It is therefore important to ensure that your business's data protection procedures are brought right up to date, not only to comply with the regulation but also to ensure that you are ready to continue to trade with the EU in the new environment post Brexit.
Preparation for GDPR
As a Data Controller you need to be fully prepared for GDPR and assess:
- the personal data that the business currently holds;
- the origin of the data and who your business is sharing it with;
- current data protection policies and how they need to be updated to be fully compliant;
- current privacy notices;
- the readiness of the business strategy going forward.
GDPR Compliance Post Brexit
The GDPR applies not only to those in the EU but also to any business outside the EU that will be processing the personal data of EU citizens.
Therefore, it is in the interest of any UK based business to continue to be GDPR compliant after 2019.
The Information Commissioner’s Office (ICO) will continue to update its guidance in conjunction with the UK government.
The GDPR and Children
The preamble to the GDPR states: ‘Children deserve specific protection of their personal data, as they may be less aware of risks, consequences, safeguards and their rights in relation to the processing of personal data.
This concerns especially the use of personal data of children for the purposes of marketing or creating personality or user profiles and the collections of child data when using services offered directly to a child’. We can explain the legislation and what it means to your organisation and what measures you need to implement.