GDPR Compliance after Brexit transition period
The EU General Data Protection Regulation (GDPR) came into force on 25 May 2018, under which all European companies are required to implement new working procedures and ensure that both they and their suppliers fully comply.
At the end of the Brexit transition period, which will take place on 31 December 2020, regulations concerning GDPR might change, but until that date, the EU will continue to apply GDPR as if the UK were an EU member state. As expected, Brexit will have a huge impact on many businesses, not only based in the UK and EU, but also in foreign countries. One of those impacts will certainly involve data protection and GDPR and the creation of the new UK Data Protection Representative role, a mandatory requirement for all companies outside the UK selling goods or providing service into the UK.
As far as GDPR regulations are concerned, they have an extraterritorial effect and extent, so non-EU countries are also affected. Even after the Brexit and for all the cross-over period, the UK will still need to comply with the GDPR as it is still a part of the EU. The EU Nevertheless, although GDPR will no longer apply directly in the UK at the end of the transition period, taking into consideration that GDPR has an extraterritorial reach, the UK companies continuing to do business with the EU after Brexit will, in any case, need to comply with the Regulation to avoid infringements. UK companies doing business with any EU company or individual as customers will need to be aware of their legal obligations and comply to avoid fines.
As a matter of fact, the UK government has issued a statutory instrument – the Data Protection, Privacy and Electronic Communications (Amendments, etc) (EU Exit) Regulations 2019. This amends the DPA 2018 and merges it with the requirements of the EU GDPR to form a data protection regime that will work in a UK context after Brexit. This new regime will be known as ‘the UK GDPR’.
EU GDPR and the UK GDPR really differ in very few aspects, So, organisations that process personal data should continue to comply with the requirements of the EU GDPR.
The EU GDPR’s requirements as implemented by Parts 3 and 4 of the DPA 2018 will continue to apply for law enforcement and intelligence purposes.
The UK hopes that, by enacting the EU GDPR’s requirements in domestic law, it will be able to demonstrate that it will continue to enforce international data protection requirements after leaving the EU.
It is essential for all businesses that control or process personal data to provide clear and transparent information regarding data collection, which may entail translating policy documentation concerning GDPR for your clients and suppliers.
An extract from the official EU guidance on GDPR states: “Where the information is translated into one or more other languages, the data controller should ensure that all the translations are accurate and that the phraseology and syntax makes sense in the second language(s) so that the translated text does not have to be deciphered or re-interpreted. A translation in one or more other languages should be provided where the controller targets data subjects speaking those languages.”
As a corporate or an individual customer, you need to ensure that your information concerning GDPR is translated by a company with the correct legal knowledge to ensure it is presented clearly and accurately. MMW Europe has secure and confidential procedures that are trusted by all our clients, including leading law firms. We have an unparalleled reputation for accuracy, quality and confidentially, as well as unrivalled knowledge of the legal industry due to our extensive and long-lasting experience in this field.