The General Data Protection Regulation (GDPR) is an EU-wide standard for protecting people’s data. It sets out the high standards of data protection and obligations that companies must meet when processing personal data.
With the UK due to leave the EU, we are working with our EU partners to ensure sufficient protection is in place for data being transferred post-Brexit.
If your business involves the transfer of personal data to or from the UK, you need to ensure that sufficient protections are in place so that you can continue to transfer personal data post-Brexit.
This includes transfers such as mailing lists if you have UK based clients, or employee data if you use a UK-based payroll firm etc. It also includes data storage and website hosting where this involves personal data.
Data protection and commercial transfers of personal data are regulated at the EU level and there are a range of measures that enable such transfers to and from third countries.
All companies are advised to review their existing processes and contracts to assess whether they involve data transfers to the UK and to ensure compliance with data protection regulations.
The Data Protection Commission has issued guidance on what measures would apply for a majority of companies in the event of a no deal Brexit and sets out detailed advice on how companies should implement these. For further detail and guidance please visit the Data Protection Commission website.
Click here to return to the Brexit and Business page.