Businesses in Cardiff are urged to act now to continue receiving personal data after Brexit
What you need to know to continue receiving personal data after Brexit
Digital Secretary Nicky Morgan is urging businesses to get ready for Brexit and act now to continue receiving personal data legally from the EU or European Economic Area (EEA).
When the UK leaves the EU, it will become what is known as a ‘third country’ under the EU’s data protection laws.
This means that UK and EU/ EEA organisations will need to take necessary action to ensure that personal data transfers from organisations in Europe to the UK are lawful.
The benefits of taking action now means UK organisations won’t be at risk of losing access to the personal data they need to operate such as names, addresses or payroll details.
Businesses and organisations should review their contracts relating to these personal data flows. Where absent, they need to update their contracts with additional clauses so that they can continue to receive personal data legally from the EU/EEA after Brexit.
For most organisations, this will not be expensive and will not always require specialist advice.
Digital Secretary Nicky Morgan said:
“If you receive personal data from the EU, you may need to update your contracts with European suppliers or partners to continue receiving this data legally after Brexit.
“So I am urging all businesses and organisations to check and ensure they are ready for Brexit.
“There are simple safeguards you can put in place by following the guidance available. UK and EU businesses should get on the front foot and act now to avoid any unnecessary disruption.”
What is personal data?
• Personal data is any information that can be used to identify someone.
• This type of information is regularly used in the daily running of businesses and organisations, for example in relation to human resources, sales, purchasing or marketing.
What is an example of personal data transfer from an EU/EEA partner?
• A UK company that receives customer information from an EU/ EEA company, such as names and addresses of customers, suppliers or partners to provide goods or services.
• It could also be internet protocol (IP) addresses or human resources data such as staff working hours and payroll details.
• Businesses or organisations that receive this kind of information from an EU/EEA company to provide goods or services, should check how they can legally keep receiving the data after Brexit.