Skip to main content
Data protection

Importance of protecting your data

Is your company data (e.g. customer records, accounts, management information) held on the Cloud or do you rely on data being sent to you from the European Union? If the answer’s yes, please read on – it’s important.

Personal information has been able to flow freely between organisations in the UK and European Union due to the General Data Protection Regulation (GDPR) rules.

From 1 January 2021

GDPR will be retained in UK law and will continue to be read alongside the Data Protection Act 2018, with technical amendments to ensure it can function in UK law.

Receiving personal data from the EU/EEA and already adequate third countries

The wider EU-UK Trade and Cooperation Agreement contains a bridging mechanism that allows the continued free flow of personal data from the EU/EEA to the UK after the transition period that ended on December 31st 2020, until data adequacy decisions come into effect, for up to 6 months. EU data adequacy decisions for the UK would allow for the ongoing free flow of data from the EEA to the UK.

The EU-UK Trade and Cooperation Agreement bridging mechanism for personal data will operate on the basis of UK law, as it stands on 1 January, and with some restrictions on the UK’s use of international data transfer powers. The provision includes mechanisms to enable the UK to make changes to its data protection regime or exercise international transfer powers, subject to mutual agreement, without affecting the bridging mechanism. The UK will have full autonomy over its data protection rules. The EU does not have the power to block changes to its framework or use of its powers. If the EU objects to changes, and the UK anyway makes them, the bridge will end.

What should you do?

As a sensible precaution, before and during the bridging mechanism, it is recommended that you continue to work with EU/EEA organisations who transfer personal data to you to put in place alternative transfer mechanisms to safeguard against any interruption to the free flow of EU to UK personal data.

Check the Information Commissioner’s Office (ICO) website. 

Check with your service provider that they have put in place arrangements to cover access to two way data flows in the event of a data flow disruption.

Check with your key suppliers to ensure that they have also checked their data flows and put in cover in the case of a data flow disruption.

Check the Welsh Government Business Wales Brexit Portal which contains advice and information on business-affecting issues.

Don’t take the chance – CHECK NOW.

Next: the transition period >