Businesses which share personal data with organisations in the European Economic Area (EEA) will need to take steps to ensure they continue to comply with data protection laws should the UK leave the EU without a deal.
In a new report published today, the Government said UK and EU partners should consider what changes they need to make to “ensure that personal data can continue to flow” after 29 March 2019.
While the UK does not intend to impose additional requirements on transfers of personal data from the UK to the EEA, the same cannot be guaranteed for reverse transactions.
Therefore, transfers of personal data from the EEA to the UK will become restricted once the UK has left the EU.
In preparation for this possibility, the Information Commissioner’s Office (ICO) has published a six-step guide for UK businesses.
With the introduction of the General Data Protection Regulation (GDPR) in May last year, it is essential that data-handling businesses are fully prepared to avoid hefty fines.
“The UK is committed to the high standards of data protection set out in the General Data Protection Regulation (GDPR), and the government plans to incorporate the GDPR into UK law when we leave,” said ICO.
“Therefore, your best preparation for the future UK regime is to ensure that you are effectively complying with the GDPR now.”
If your business only shares data within the UK, there will be no change.
The six-step checklist can be found here.