January 30, 2020

ICO Warns that During Brexit Transition Period it’s ‘Business as Usual’

"If you operate inside the UK, you will need to comply with UK data protection law."

By CBR Staff Writer

This week the Information Commissioner’s Office (ICO), the UK’s data protection authority, is warning businesses that during the Brexit transition period it’s ‘business as usual’.

While the nature of the future relationship between the UK and the EU is still being negotiated, the ICO is warning that at the end of the transition period: “The default position is the same as for a no-deal Brexit: the GDPR will be brought into UK law as the ‘UK GDPR’.”

There is still uncertainty around the structure of data regulation in the UK following the end of the transition period, which occurs in December of 2020. However, the ICO is clearly warning businesses that, as far as it is concerned, anyone who is processing personal data should follow their current data protection obligations as they are laid out in the GDPR.

The ICO has stated that: “The GDPR is an EU Regulation and, in principle, it will no longer apply to the UK from the end of the transition period. However, if you operate inside the UK, you will need to comply with UK data protection law. The government intends to incorporate the GDPR into UK data protection law from the end of the transition period – so in practice there will be little change to the core data protection principles, rights and obligations found in the GDPR.”

Brexit Transition Period

The ICO will remain an independent supervisory body with regard to UK data protection legislation. It notes that a company transferring personal data from the UK to an EU entity can proceed as normal, as the UK government has stated that it will put no restriction on data flow. However, a company receiving data from a firm based in the EU will need to take extra steps to ensure it is compliant.

One step the ICO notes companies no longer need to take is the appointment of a European Economic Area (EEA) representative during the transition period. It states: “During the transition period you do not need to appoint a representative in the EEA. However, you may need to appoint a representative from the end of the transition period if you are offering goods or services to individuals in the EEA or monitoring the behavior of individuals in the EEA.”


The ICO has previously advised that one of the best approaches when dealing with EU bodies from the UK is to establish standard contractual clauses (SCCs). The SCCs should outline the data protection responsibilities of a company with regard to GDPR legislation in the EU. The SCCs would essentially establish contractual terms and conditions that ensure both companies process data in a legal manner.

