Are you ready for the new Data Protection Regulations on 1 January, 2021?
As Bing Crosby once sang, “Christmas is a Comin”, but while he focused on ‘Christmas bells’, and ‘egg in the nog,’ at no point did he mention Data Protection Regulations … yet we’re only a few short weeks away from the end of the transition period.
If you receive personal information from the EU for business use, then you need to act now to ensure that you are prepared for the data protection requirements that may come into force on 1 January 2021. Now that the UK has left the EU, we are in a transition period until the end of 2020.
This means that the current rules will continue to apply during this transition period, but the UK will have the independence to keep the framework under review.
If you are an organisation that already complies with the GDPR and has no contact or customers in the EEA, you do not need to do much more to prepare for data protection compliance at the end of this transition period.
If you are a UK business, or an organisation with an office, branch or other established presence in the EEA, you will need to comply with both the UK and the EU data protection regulations at the end of the transition period and you may need to designate a representative in the EEA.
If you are a UK business or organisation that receives personal data from contacts within the EEA, you may need to take extra steps to ensure that the data can continue to flow at the end of the transition period.
If you are a UK Police Force, different rules apply to you – you should continue to comply with Part 3 of the DPA2018 and follow current ICO guidance on law enforcement processing. It is recommended that you review your data flows and identify where you receive data from in the EU and talk to your European partners about whether you need to put any additional safeguards in place to ensure data can continue to flow. Additionally, you should review your data flows and identify where you transfer data to in the EU, so that you can document the new basis for those transfers.
What kind of data, you may ask? Whether you receive customer email addresses, payroll admin or more, you need to be ready. It’s certainly worth looking at the ICO’s website.
Here are some basic steps for you to undertake between now and 31 Dec 2020:
- Continue to comply with all applicable legislation and regulations – the GDPR; DPA2018
- Review your data flows and identify where your data is received from (outside of the UK)
- Review your privacy information, internal records, and logs to identify any details that will need updating.
- Train your people around the changes to support awareness and any potential issues.