It is unlikely that the Brexit deal has resolved the ‘adequacy position’ (see below), and as such from 1 January 2021 the General Data Protection Regulations (GDPR) will no longer apply to the processing of Personal Data of a UK citizen, though they will still apply for EU citizens.
Note: For UK citizens, you still need to comply with the UK Data Protection Act 2018, which incorporates the terms of the GDPR into directly applicable UK legislation.
This means that the practicalities of how you process and record the processing of Personal Data will remain the same post-Brexit for everyone except EU citizens.
How to process EU Citizens’ Personal Data Post-Brexit
- Check your contracts. Do they state that you should not send any Personal Data outside of the EEA? If they do, there will be steps you need to follow in that contract if you are going to ‘send’ their Personal Data out of the EEA and you need to ensure that you follow them.
- Regardless of what is set out in your contracts, if you are going to continue to process EU personal data on behalf of your customer then you will also need to ensure that these Standard Contractual Clauses (SCCs) are executed. They are non-negotiable.
FYI The data importer is the data processor (usually the ‘Supplier’) and the data exporter, the data controller (is most likely, the ‘Customer’).
Top tip: These SCCs can be annexed onto contracts if you prefer and you can also enter into ‘side letters’ or any ‘variation document’ to expressly amend your current contract terms to permit you to continue to process the personal data, outside of the EU. In any event, the key point is to ensure that both parties execute these clauses.
Will we always have to do this?
We suspect the position may change at some stage. There are already discussions taking place to try to have the UK accepted by the EC as a country which has an ‘adequate level of protection’ – after all we have incorporated the GDPR into domestic law – but only time will tell. The European Commission may wait to see how the UK courts choose to interpret the legislation, as and when any legal actions arise under it, before finalising its position.
If the UK is eventually deemed ‘adequate’ by the EC then no additional action or documentation will be required other than to ensure your commercial contracts continue to reflect the appropriate Data Protection requirements, as set out in the Data Protection Act 2018.
Special offer for Microsoft Partners
Until the end of March 2021, our employment lawyer, Megan O’Hara, is offering Microsoft Partners a free 90-minute consultation to discuss all your HR and employment dilemmas. Email email@example.com to book an appointment now!
Don’t let your contracts get the better of you. Let the Law 365 team help you grow your business with less risk.
What makes us different?
- We’re the only law firm in the world who specialises solely in the legal needs of Microsoft Partners like you.
- We offer our legal services as a monthly subscription – allowing you to easily budget for your legal costs for the year. No surprises.
- We are your ‘in-house’ Microsoft legal team. We can speak your language and won’t bog you down in legal jargon.
- We’ll work at your speed to help you achieve your goals. We won’t slow you down, especially when getting deals over the line.
We’d love to talk so call us on 01892 313 943, or drop us a note at firstname.lastname@example.org. Also, make sure you follow us on LinkedIn to be kept up to date with useful legal information for Microsoft Partners. Our Microsoft technology lawyers are here to help
Law 365 – The Award-Winning Microsoft Partner Law Firm.