We look at whether GDPR still applies to UK businesses now the UK has left the EU.
One of the changes we’ll feel in 2021 is that many EU regulations will no longer directly apply in the UK. Does that mean we can forget about GDPR? Before you break out the champagne…read on.
It’s true that UK businesses that only operate in the UK will no longer need to comply directly with EU GDPR – because those are European regulations for members of the European Union…but there’s a catch!
EU GDPR requirements were actually copied into law under the UK Data Protection Act 2018. In reality, UK businesses were always really complying with UK DPA 2018 but everyone was calling them GDPR. There are some minor differences, but the UK regulations are almost identical to GDPR so businesses in the UK will still have the same legal obligations. The regulator for UK data protection law (the ICO) will still work as normal and it has already committed to upholding the high standards of the EU’s GDPR. In fact, the ICO is now referring to the UK's law as UK GDPR, so we're unlikely to notice any real difference in hos the regulations are applied or enforced.
The good news is that businesses operating solely within the UK (which is many of us!) won’t really see a major difference. Compliance and enforcement will continue, and the ICO will continue to pursue those who don’t comply with DPA 2018.
UK businesses with clients in the EU
The picture is a bit more complicated for UK businesses that have clients in the EU. From 1 January 2021 any data you receive from EU countries will be an “export” that must be protected under GDPR. This means you will have to put special contractual arrangements in place to manage those transfers.
These clauses provide protection under GDPR for the EU citizens whose data you’re processing.
Depending on the nature of your business with EU citizens, you may also need to register with a representative in the EU to act as your point of contact for EU citizens. This representative will also manage your relationship with EU data protection authorities (every EU country has their own version of the UK’s ICO)
If you’re unsure about what your small business must do to remain compliant with UK data protection regulations (or even whether GDPR still applies to you!) then drop us a line at email@example.com
Take the ‘data protection & GDPR for accounting professionals’ course today!
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.