Unless you’ve been literally living under a rock, then you’ll probably have heard that Brexit – including the possibility of a no-deal – is right around the corner and if you’re one of the many businesses that have ties to Europe and you send or receive data to or from Europe, then you’ll want to know about some special rules that you’ll need to follow to keep the data flowing. 

The Information Commissioner’s Office has released information and guidance to help businesses and organisations better prepare for data protection compliance after a no-deal Brexit.

GDPR is still the Gold Standard.

According to the ICO, the UK is ‘Committed to maintaining high standards of GDPR’ and the best bet for businesses that are preparing for a no-deal Brexit is to ensure that they’re following  and complying with the GDPR regulations now – after Brexit the UK Government plans to incorporate GDPR into UK law alongside the Data Protection Act so regardless of the Brexit outcome, this is going to be a must for all businesses.  

If you have customers in Europe or a European presence, then GDPR is also going to be important for you and the ICO say that this is the best way to prepare for post-Brexit.

You might need a GDPR Rep  

If you are a UK Based organisation but you have goods or services that you offer to individuals of the EEA, then you will not only need to comply with the EU Data regulations, but you will, in most cases, need to appoint a suitable representative in the EEA.

The representative will serve as the local touch point and they will interface with individuals and data-protection authorities inside the EEA and you will need to find a provider in the EEA who offers GDPR Representation services. 

On a side-note, your DPO cannot also be your GDPR Rep.

Transfers to the EEA

According to the Government, transfers to the EEA will not be restricted. Sending data from the UK to the EEA will still be possible and you won’t need to take any additional steps here.

Transfers from the EEA

If you’re receiving data from the EEA, it will need to be compliant with all the EU data protection laws and in order to keep data flowing, you’ll need to work with them to make sure that compliance is observed.

Use SCCs to keep data flowing

An SCC is a ‘Standard Contractual Clause’ and the ICO say that these are the best way to make sure that data continues to flow post Brexit and they have even put together an SCC Interactive Guidance tool to help small and medium businesses keep data moving.

Make sure you update your docs

It’s important to ensure that you review your privacy policies and your documentation to identify any changes that need to be made to the wording or the processes – knowing where and what to update will allow you to keep reactive to changes and to ensure that you’re as compliant and covered as possible.

Make sure you update yourself

Things are changing quickly and there is still no clearly defined outcome for Brexit and one of the best things you can do to prepare is to keep up to date with the latest information – from the data perspective the ICO is probably the single best source that you can use, so make sure that you check out their website for tips and information.

Zoho Premium Partner

A2Z Cloud is one of the top Zoho Premium partners in the UK with a room full of talented Zoho Developers, Dedicated trainers, and skillful project managers to ensure that your entire journey with us is a smooth one.