To celebrate international Data Privacy Day 2021 (28 January 2021), the Birketts Data Protection Team has produced a series of data protection top tips articles. This bite-sized advice series is designed to provide you with some easily digestible compliance tips, focusing on some of the key issues we see clients dealing with on a daily basis. Today we are focusing on Brexit. Kitty Rosser shares her data protection top tips…

  • Transferring data in and out of the UK: Restrictions apply to data flowing both into the UK and out of the UK. In some cases, the UK has put special arrangements in place to enable data to flow freely but in others, you will need to put special contracts in place or fall within particular derogations if you wish to transfer data. Ensure you have mapped where your data comes from and goes to and, where necessary, taken the relevant steps to ensure you are not in breach of the transfer restrictions.
  • Appointment of Representatives: If you offer goods and services to individuals in the EU but have no office or branch in the EU it is likely that you will need to appoint a representative in the EU. Likewise, if you offer goods and services to individuals in the UK but have no office or branch here it is likely that you will need to appoint a representative in the UK. Appointments must be made in writing and authorise the representative to engage with supervisory authorities and data subjects on your behalf.
  • Supervisory authorities: If you are based in the UK but continue to process personal data of individuals in one or more EU countries you may need to deal with the data protection regulators in one or all of those countries. Make sure you understand what regulators you may need to deal with and whether you might be able to take advantage of the one-stop shop arrangements to minimise the number of EU regulators you have to deal with.
  • Update documentation: Make sure you have updated your data processing contracts, records and policies to reflect any new data transfer or representative arrangements you have put in place and to replace references to EU data protection laws with references to UK data protection laws.
  • Keep up to date with change: Although Brexit has now happened there is further change on the horizon for data protection. Things to look out for in the coming months include confirmation of whether the UK has been awarded an adequacy decision to allow us to continue receiving data from the EU and new versions of the standard contractual clauses used for international data transfers.