GDPR was the talk of the town back in May 2018, but we are now hearing the question floating around quite a lot: “What will happen to GDPR after Brexit?”. And in short, the EU General Data Protection Regulation will continue to apply to UK companies (ones that collect or process data) after Brexit.
Many people think that GDPR will not apply after the UK leaves the European Union, however, it is to be made clear that GDPR still applies regardless of where the data is held. Although, if the UK did not agree to either continue with GDPR or compose a similar data protection procedure, then personal data flows with Europe would not be permitted. To settle this UK Government have already indicated that they will enact a substantially similar law after Brexit.
In the brunt of this all, you may have heard talk about ‘adequacy’ and speculation if the UK will be given ‘adequacy status’.
What is adequacy?
Adequacy is all about showing to the EU that the UK is a safe place for data processing so that no data is imposed. The European Commission can assess non-EU countries’ level of personal data protection to see if it is essentially of an equivalent level to that of the EU. If a country ‘passes’ the rigorous testing, the commission can make an Adequacy decision.
GDPR for small businesses
What is GDPR
The General Data Protection Regulation is a European-wide law that replaced the Data Protection Act which was set in place in 1998 in the UK. GDPR placed greater obligations on how organisations handle personal data – which came into effect on 25th May 2018.
How has GDPR affected small businesses
If your business deals with personal data such as:
- Their name
- A photograph of them
- Their email or postal address
- Bank account details
- Medical information
- Computer IP address
Then there is a possibility you could have been affected by GDPR. But remember it’s all about how you handle that data! Under the GDPR, controllers must ensure that personal data is processed lawfully, transparently and for a specific purpose, after which – if the data is no longer required – it must be deleted.