With less than three weeks to go until the end of the Brexit transition period on 31 December, the UK government has released advice on the actions that businesses should take to ensure personal data continues to flow freely from the EU/EEA to the UK.
Most organisations use personal data in their daily operations, which is any information that can be used to identify a person, including names, delivery details, IP addresses or HR data, such as payroll details. For example, a UK company may receive customer information from an EU company, such as names and addresses, to provide goods or services.
If you receive personal data from the EU/EEA, the government said it urges UK companies to act now to ensure they can continue to lawfully receive data from their clients in the EU from 1 January 2021. This means:
- You should take stock of the personal data you process prior to 1 January 2021
- If you receive personal data from a company based in an EU/EEA country, you should map your data flows and put in place alternative transfer mechanisms, such as Standard Contractual Clauses, with any relevant EU organisations (NB: the EU has yet to make a decision as to whether they accept that the UK’s data protection regime is still adequate).
- Visit gov.uk/using-personal-data-2021 for guidance on the actions your business or organisation needs to take regarding data protection and data flows.
“Making changes now will ensure a smooth end to the transition period, and see businesses ready to take advantage of the new legal and economic freedoms that being an independent trading nation will bring,” explained Alok Sharma, secretary of state for business, energy and industrial strategy.
You can find out what actions you may need to take by using the checker tool at gov.uk/transition, and keep up to date with regular business readiness bulletins too.