BIFAlink July 2021

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

BIFAlink

Policy & Compliance

www.bifa.org

EU GDPR requirements for UK based businesses post-Brexit

BIFA has been contacted during the past month by UK-based Members who had been advised by an internet service provider that, since the UK is no longer an EU Member, as per Articles 3 and 27 of the GDPR Regulation they would need to appoint a local representative. Inevitably, the party contacting them advised that it could act as the local representative for UK based traders – for a large fee. Members sought clarification from BIFA, which is grateful to our Associate Member Birketts for providing the following reply which is published verbatim

“The requirement to appoint an EU Representative only applies to organisations that are subject to the extra-territoriality provisions under Article 3(2) of the EU GDPR. These provisions apply to organisations that do not have an office or establishment within the EU, but which are either offering goods or services directly to consumers in the EU or are monitoring the behaviour of individuals in the EU. To be caught by the provisions regarding

offering goods or services, they must be offering them direct to consumers (ie, not B2B) and deliberately targeting an EU country as a potential market for the goods or services. Monitoring commonly involves online tracking but can also cover things such as wearable technology (eg, fitness trackers) and operation of a CCTV system in a public space. If your Members do not fall into

10

Lorries at Calais

either of these categories they will not be required to appoint an EU representative. In particular, they will not be required to appoint simply because they have the odd EU customer for an offering targeted at the UK, or if they offer services on a B2B basis in the EU market.

Rules and guidance If they do need to appoint, there are certain rules and guidance regarding who can fulfil the role and the functions that they must perform that your Members should familiarise themselves with. However, you can use the following links to

find further information about the above, which are available for free: • ICO: https://ico.org.uk/for-organisations/dp- at-the-end-of-the-transition-period/data-prote

ction-now-the-transition-period-has- ended/the-gdpr/european-representatives/

• European Data Protection Board: https://edpb.europa.eu/sites/default/files/files/ file1/edpb_guidelines_3_2018_territorial_scope _after_public_consultation_en_1.pdf ”

Many solicitors who are BIFA Associate

Members provide information on their websites regarding GDPR. In the case of Birketts, the latest information can be found at: www.birketts.co.uk/getmedia/51b0126c-3b51- 4d36-8938-86967fa90529/Brexit-and-GDPR_fact -sheet.pdf.aspx.

BIFA would like to thank Claire Hunt of Birketts for providing the information included in this article.

July 2021

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24