This page contains a Flash digital edition of a book.
In Focus Consumer Credit


Data protection and Brexit: advice for organisations


Amidst continued political uncertainty, how can businesses, particularly SMEs, prepare for a possible no-deal Brexit?


Elizabeth Denham Information commissioner, the Information Commissioner’s Office


The basis on which the UK will leave the European Union (EU) has still to be decided. The government has made it clear that


the General Data Protection Regulation (GDPR) will be absorbed into UK law at the point of exit, so there will be no substantive change to the rules that most organisations need to follow. But organisations that rely on the transfers


of personal data between the UK and the European Economic Area (EEA) may be affected. Personal information has been able to


flow freely between organisations in the UK and European Union without any specific measures. That is because we have had a common set of rules – the GDPR. But this two-way free flow of personal


information will no longer be the case if the UK leaves the EU without a withdrawal agreement that specifically provides for the continued flow of personal data. In this event, the government has already


made clear its intention to permit data to flow from the UK to EEA countries. But transfers of personal information from the EEA to the UK will be affected.


Guidance We have published guidance and practical tools to help organisations understand the implications and to help you plan ahead. These comprise: a ‘Six Steps to Take’


guide; broader guidance on the effects of leaving the EU without a withdrawal


22


But this two-way free flow of personal information will no longer be the case if the UK leaves the EU without a withdrawal agreement that specifically provides for the continued flow of personal data. In this event, the government has already made clear its intention to permit data to flow from the UK to EEA countries. But transfers of personal information from the EEA to the UK will be affected


www.CCRMagazine.com


agreement, and a general overview in the form of Frequently Asked Questions. We know that many organisations have


already been making preparations in case the UK leaves the EU without a withdrawal agreement in place. This includes those that are involved in transfers of personal data to and from the EEA. If your organisation has not yet, our ‘Six


Steps to Take’ guide is a good place to start. It is designed to help all organisations make the precautionary preparations that will help ensure these data flows continue. Organisations will need to carefully


consider alternative transfer mechanisms to maintain data flows and the guidance we have produced will help you weigh the options and take action if this proves necessary.


Standard contractual clauses Many may decide that one potential solution is to put in place what are known as ‘standard contractual clauses’ between themselves and organisations outside the UK. We have produced a straightforward,


interactive guide to take you through that process. Particularly aimed at small and medium sized organisations, it will help you decide if standard contractual clauses are relevant and will minimise the expense of putting them in place. It already includes help with completing


the clauses, but we will be making further developments in the next few weeks to


February 2019


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52