What happens to GDPR due to brexit?
- The UK GDPR is replacing the existing EU GDPR on 31st December 2020 at 11pm;
- All the main principles, obligations and rights remain in place;
- The existing EU GDPR will continue to apply, unchanged, in the countries of the EEA.
What should I do?
Being outside Europe will impact the following data protection matters in the UK:
- International transfer of personal data, including the question of ‘adequacy’ and other safeguards;
- You will need to appoint a representative in the EEA.
What are EU Representatives?
- UE Representatives act as point of contact for Lead Supervisory; Authorities and data subjects;
- They need to be established in an EEA member state where your data subjects are based.
EU Representative is not required if:
- You have a branch, office or establishment within the EEA;
- Public Authority;
- Processing is occasional or low risk.
EU Representative is required if:
- Offering goods and services;
- Monitoring behavior;
- You don’t have a branch, office or establishment within EEA.
Steps to be taken by the data controller or processor
- Authorize the representative, in writing, to act on your behalf regarding EU GDPR compliance, and to deal with any supervisory authorities or data subjects in this respect;
- Provide the Representative details to data subjects;
- Lead supervisory authorities.
Requirements for a EU Representative:
- Maintain local records of processing;
- Facilitate the organization’s communications with lead supervisory authorities and data subjects;
- Must be able to efficiently communicate with the data subject, ideally in their own language.