The United Kingdom voted to leave the European Union over three years ago. However, political discord both within the UK and between Parliament and Brussels has left Brexit in limbo ever since. Many London organizations have begun to believe that Brexit will never be finalized, so they feel it is unnecessary to take preparatory action. This is not the case and they will need to prepare themselves for new requirements.
Parliament is inching closer to the Brexit deal with each passing day. Boris Johnson has come close to an agreement that might pass, even if some modifications are needed.
Brexit is going to involve a number of major changes. One of the changes that has received little discussion so far is the impact on data privacy. Organizations around the UK will need to know how data privacy laws are going to evolve after a Brexit deal is finalized.
If you own a business in London, you are going to need to prepare for the inevitable secession from the European Union. Among other things, you are going to need to make sure that your business abides by all relevant data privacy regulations. The steps that your company is going to need to take will depend on the jurisdiction of your business and locality of your customers. Here are some general guidelines that entrepreneurs in London will need to follow to ensure compliance with all applicable data privacy laws.
Guidelines for businesses operating solely within the UK
The vast majority of small businesses in London won’t need to make any major changes. If you don’t have a business presence or any customers in mainland Europe, then you will probably merely need to follow the directives stipulated in the GDPR. You will need to take a number of steps to ensure data privacy, such as using a private Docker registry.
Why would you need to follow the GDPR if you don’t have any customers outside the UK? While you will not technically be required to abide by the GDPR without having customers or a point of business in mainland Europe, you’re probably going to need to follow similar directives.
The UK parliament has pledged to reaffirm the GDPR requirements after Brexit is passed. Parliament might make some minor revisions. However, your business probably wouldn’t need to make any substantial changes if you have already been adhering to the terms of the GDPR.
Guidelines for London businesses with customers in mainland Europe
Data privacy requirements are going to be a bit more complicated if you have customers in other parts of Europe. Fortunately, you probably won’t need to make massive changes. However, you will need to take at least a couple of steps.
There are two scenarios that you need to be prepared for if you have customers outside the UK limits:
- You need to know what steps to take if you are transferring data from the UK to the EEA
- You need to know what to do if you are receiving data from the EEA
The first situation is the simplest. The United Kingdom government has said that it will not make any major changes to policies regarding the transfer of data outside the country. They could still change their mind after Brexit is finalized, but there is little indication they intend to do so.
The second situation is a little trickier. Fortunately, you won’t need to make significant changes as long as you are already adhering to the GDPR. You will need to take one extra step, though. You’re going to need to communicate with authorities in the EEA and let them know that you are going to be receiving data. The arrangement won’t be too difficult as long as you can establish that your company is in compliance with GDPR and other data requirements. The Information Commissioner’s Office has more details on this matter.
It is important to keep in mind that data laws may differ between the EEA and UK in the future. You’re going to need to be well-versed in the differences, because you will be responsible for adhering to any requirements in the GDPR that might not be incorporated into UK law.
Guidelines for London businesses with a presence in other European countries
The requirements are going to be a lot stricter if you have a physical presence in other parts of Europe. You’re going to need to take a couple of other steps beyond developing a compliance plan for the GDPR.
You’re going to need to appoint a data protection officer for all activities taking place within EU limits. You’re also going to need to work closely with the data controller in the countries you have a presence in and submit regular compliance reports.
Data privacy requirements will change a little after Brexit
Brexit discussions have stalled over the last couple of years, but an agreement is probably going to come soon. London businesses are going to need to be prepared for the changes. They will need to be especially diligent about understanding new data protection requirements and make sure that they abide by them carefully.