I
f your organisation shares personal data with businesses in the European Economic Area (EEA), you will need to take steps to ensure you continue to comply with data protection laws if the UK leaves the EU without a deal.
What is personal data? Personal data refers to any information that can be used to identify a living individual, including a customer’s name, their physical or IP address, or HR functions such as staff working hours and payroll details.
Although the UK’s own data protection standards would remain the same, how personal data is transferred from the EU/EEA to the UK would change. This could affect your organisation.
Therefore, if your organisation receives personal data from organisations in the EU you should consider, with your EEA partners, what changes you may need to make to ensure that data can continue to flow after the exit date. These changes will affect organisations both large and small.
Organisations should as a priority, review whether they would be affected. For those that would be, early action is advisable, given changes may take some time to implement.
Practical advice and support is available at ico.org.uk, including ‘Six Steps to Take’ to help you understand the implications and prepare.