Governance, Risk and Compliance as we move ever closer to Brexit
That’s it – were just one quarter away as the end of the Brexit transition period rapidly approaches and for anyone without a dedicated Data Protection Officer (DPO) still seeking to understand the important considerations around the impact of Brexit and what is means for your data processing activities – read on.
For those Phoenix customers engaged in cross-border processing, or may be part of an international group, we recommend that you now finalise your plans to ensure that you can continue to operate as usual – especially if the Brexit negotiations end in a no-deal result as of 1 January 2021.
So, will the GDPR still apply?
Hmm … we wish this were straight forward – it’s both a ‘Yes’ and ‘No’. On the whole, substantial amounts of the EU-GDPR will apply, but a ‘UK GDPR’ will replace the EU GDPR effective from 1 January 2021.
When the transition period is completed, the Data Protection, EU Exit Regulations 2019, Privacy and Electronic Communications (Amendment) will implement EU GDPR standards in the UK from exit day.
The 2019 Regulations consolidate and amend the EU GDPR and UK DPA (2018 – which supplements the GDPR in UK law) to create a new UK GDPR – this new UK GDPR will have an extra-territorial reach and will apply to the processing of personal data if:
- You are located in the UK.
- You offer goods and services to, or monitor the behaviour of, individuals in the UK.
The EU GDPR may also continue to apply to you if:
- You have branches or offices in the EEA.
- You offer goods and services to, or monitor the behaviour of, individuals in the EEA.