Although the UK has left the EU, they will not be excused from complying with data protection laws. The UK still needs to follow legislation on how they store and treat data. Instead, Britain leaving the EU means that they have lost the Mini One Stop Shop protections. The mechanism previously meant that businesses engaging in cross-border data processing only needed to interact with one supervisory body.
The changes that the data processing sector now face can be broken down into three core problem areas:
- If you are a UK business or organisation with an office, branch or other established presence in the EEA, or if you have customers in the EEA, you may need to designate a representative as you will need to comply with both UK and EU data protection regulations.
- Businesses should review current international data transfer procedures and identify any transfers of personal data from the EEA to the UK (as well as any transfers from the UK to other countries), and they should be prepared to put standard contractual clauses or alternative safeguards in place where necessary.
- UK businesses lose the benefit of GDPR’s One Stop Shop regime. GDPR no longer domestically applies in the UK and instead the processing of personal data in the UK is governed by the UK GDPR.