23 December 2020
A solicitor is warning businesses not to overlook the issue of data protection after the end of the Brexit transition period.
David Campbell (pictured), a specialist data protection solicitor at DPA/OK, warns that while GDPR still currently applies in the UK, meaning businesses in Europe can freely send personal data to the UK, significant changes will come into effect on 1 January 2021.
He said: “On that date the transition period will be at an end and the UK will be, in data protection terms, a ‘third’ country.
“This means that European businesses who need to send personal data ‘out’ of Europe to the UK can only do so where the GDPR allows it.
“The UK government is trying to secure a finding from the EU that the UK’s data protection regime is ‘adequate’ which would allow personal data to flow freely as it does now. However, time is running out and such a finding is not guaranteed.”
David advises businesses who rely upon personal data flows from Europe to put in place measures to ensure these can still lawfully take place.
For instance, they can look to enter into a contractual agreement with those organisations they do business with.
He added: “As well as the issue of data flows any UK business who offer goods/ services to European citizens or monitors them (and who do not have a physical presence in Europe) must still comply with the European GDPR.
“They will usually need to appoint a ‘EU representative’ to act as their agent for data protection matters in Europe.
“This representative will be a point of contact for data protection regulator(s) in Europe and for individuals whose personal data is processed by the UK business.”
For further information contact DPA/OK on 01902 229817 or 07397 943394