It's Data Privacy Day: A quick guide to data protection for your post-Brexit business - Willans LLP
By Willans LLP
Today (January 28), marks Data Privacy Day, an annual international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust.
And Punchline-Gloucester.com has teamed up with award-winning business lawyers Willans LLP, who have put together a quick guide which makes essential reading for businesses, particularly for those who process personal data in the EU.
The pandemic has understandably diverted attention and resources for many businesses, at a time when Brexit preparations may otherwise have been top of the agenda.
Nonetheless, the transition period is now over, and a clearer picture of the future relationship between the UK and EU has emerged. Read on to find out what your business needs to do now, what can wait and what measures should already be in place...
What data-related matters may affect my organisation? Do I need to act now?
As the UK is now outside of the EU, it is regarded as a 'third country', and as a result many UK companies will need to have an 'EU representative' in place to act as a direct contact for the individuals whose data they are processing, and also data protection supervisory authorities in the EEA.
You will need an EU representative if your business does not have offices or branches in the European Economic Area (EEA) and you are offering goods or services to individuals in the EEA, or monitoring their behaviour through e.g. targeted advertising or data 'profiling', and are holding or processing their data for those purposes. This has become a requirement for UK businesses as of January 1, and for businesses in the rest of the world it has been a requirement since 2018.
The EU representative serves as a contact point between your organisation, the supervisory authorities in the EU and relevant data subjects. They will be able to help you with holding data processing records, be a point of liaison between EU supervisory authorities and handle subject access requests.
Various data protection services organisations can act as your EU representative, such as our sister company, Willans Data Protection Services.
How does Brexit affect GDPR more generally? Has anything changed?
The Brexit Treaty allows for personal data to flow freely between the UK and the EU (and EEA) for a four month period, extendable to six months. So, in this respect, things won't change for another few months.
Information commissioner, Elizabeth Denham, said "This means that organisations can be confident in the free flow of personal data from January 1, without having to make any changes to their data protection practices."
The ICO adds "As a sensible precaution, before and during this period, the ICO recommends that businesses work with EU and EEA organisations who transfer personal data to them, to put in place alternative transfer mechanisms, to safeguard against any interruption to the free flow of EU to UK personal data."
This is because, although it is hoped that following this period the UK's data protection laws will be formally deemed 'adequate' by the European Commission, allowing free data flows in both directions, this is by no means certain, and the proposal faces opposition in certain quarters.
Four to six months is not a long period of time if you need to put operational changes in place, and you would be well-advised to start preparing if the changes are set to affect your business. Contact Willans for bespoke support with this.
What about commercial contracts? Has anything changed now the transition period is over?
It's not too late to review contracts, particularly looking at the definitions of key terms. For example, if it refers to the EU as a 'territory' you need to identify if the definition covers member states 'from time to time' or does it specifically name countries? It would also be sensible to review any contractual mechanisms in place for pricing, and who would be liable should goods take longer as a result of border delays, for example. Read more about commercial contracts post-Brexit on Willans' website.
I'm an employer. Are there any specific changes which affect me?
There are no immediate employment legislation changes as a result of the end of the transition period. It is worth bearing in mind though, that the UK courts will not be bound by new decisions of the ECJ to the extent that they were, although all previous ECJ decisions are enshrined into UK law.
If you employ EU citizens, you will probably be aware that a new points-based system and a new 'skilled worker' immigration category is now operational in the UK. Read more about the business immigration requirements that your business will be subject to, via Willans' website.
Need legal support or advice?
Willans' business team are on hand with straightforward, approachable legal support, whatever challenges your business may face in the months or years ahead.
Contact Willans, or call 01242 514000, and we'll put you in touch with the best people to help.
You can also get to know some of the firm's employment and corporate lawyers by viewing a free Brexit webinar on the firm's website.
To find out more information about Data Privacy Day visit https://staysafeonline.org/data-privacy-day/.
Copyright 2021 Moose Partnership Ltd. All rights reserved. Reproduction of any content is strictly forbidden without prior permission.