Using personal data after Brexit

Using personal data after Brexit – GOV.UK

When the UK leaves the EU there may be changes to the rules governing the use of personal data.

Using personal data after Brexit – GOV.UK

This information is particularly relevant to UK businesses and organisations which:

  • operate in European Economic Area (the EEA), which includes the EU
  • send personal data to, or receive personal data from international partners, including the EEA

What is personal data

Personal data refers to any information that can be used to identify a living individual, including their name, their physical or IP address, or HR functions such as staff working hours and payroll details.

An example of an international exchange of personal data would be a UK company that receives customer information from an EU company, such as names and addresses, in order to provide goods or services.

What your business or organisation needs to do now…

The Information Commissioner’s Office (ICO) has set out 6 steps and further guidance your business or organisation should take to prepare for EU exit in a no deal scenario.

You should:

  • Continue to comply with GDPR rules and follow ICO guidance
  1. Review your data flows into the UK from the EEA and consider the GDPR safeguards you will need to put in place.
  1. Review your data flows from the UK so that you can document the new basis for these transfers under UK transfer rules
  • If you operate across Europe, you should assess how the UK’s exit from the EU will affect the data protection regimes that apply to you.
  • Review the privacy information and internal documentation that you hold to identify any details that will need updating.
  • Make sure that key people in your organisation are aware of these issues and include these steps in any planning for leaving the EU.
  • Using personal data after Brexit – GOV.UK

This information is particularly relevant to UK businesses and organisations which:

  • operate in European Economic Area (the EEA), which includes the EU
  • send personal data to, or receive personal data from international partners, including the EEA

What is personal data:

Personal data refers to any information that can be used to identify a living individual, including their name, their physical or IP address, or HR functions such as staff working hours and payroll details.

An example of an international exchange of personal data would be a UK company that receives customer information from an EU company, such as names and addresses, in order to provide goods or services.

What your business or organisation needs to do now

The Information Commissioner’s Office (ICO) has set out 6 steps and further guidance your business or organisation should take to prepare for EU exit in a no deal scenario.

You should:

  1. Continue to comply with GDPR rules and follow ICO guidance.
  2. Review your data flows into the UK from the EEA and consider the GDPR safeguards you will need to put in place.
  3. Review your data flows from the UK so that you can document the new basis for these transfers under UK transfer rules.
  4. If you operate across Europe, you should assess how the UK’s exit from the EU will affect the data protection regimes that apply to you.
  5. Review the privacy information and internal documentation that you hold to identify any details that will need updating.
  6. Make sure that key people in your organisation are aware of these issues and include these steps in any planning for leaving the EU.
Sign up to receive our newsletter.
Keep up to date with news and information from Enterprising Barnsley.