News & Press: October 2019

Update from the Information Commissioner's Office

18 October 2019  
There’s one topic front and centre of this month’s newsletter: how your organisation can prepare for the UK leaving the European Union.

It’s a crucial area. 

If your organisation sends or receives personal information to or from countries in the EU, you need to act now to ensure that data flow can lawfully continue. 
That’s why the office has produced a range of advice and guidance to help organisations.  

At the moment personal data flow is unrestricted because the UK is an EU member state. But if the UK leaves the European Union with no deal, that will change, and additional measures will be needed to make sure your business complies with the law.  

It’s important you make sure your organisation is properly prepared for all exit scenarios, whether you’re a sole trader or small business or a large multi-national.

The guidance will help you work out what you need to do now, and then let you get back to your main focus: running your business.

Nicky Morgan, the Secretary of State responsible for data protection, said:

“The Government has launched the UK’s biggest ever public information campaign to help businesses get ready for Brexit. A key part of that is making sure businesses can still lawfully send and receive data like customer and employee details. The ICO’s guidance sets out how you can prepare your business, and is essential reading.”

As you’d expect, the Information Commissioner's Office has been working closely with the Government on such an important issue, particularly making sure smaller businesses are aware of the importance of making preparations.

There’s dedicated guidance for smaller organisations on the Information Commissioner website. Even if you think your organisation doesn’t transfer data internationally, they urge you to read what they've produced, and decide whether you need to do anything now to ensure you remain compliant with the law. 

New guidance for small organisations

The flow of data between EU or EEA member states and the UK is vital for business. Businesses have to prepare for all Brexit scenarios. 

You may think your organisation won't be affected – but you must be sure. 

The new small business guidance will help you determine if your organisation’s data will be affected by Brexit and what steps you need to take to keep your data flowing. 

Guidance for small organisations that receive data from Europe

If your UK-based small or medium-sized organisation (SMO) receives data from countries in the EEA, the new guidance will help you take steps to make sure data can continue to flow after Brexit.

Build a contract now to keep data flowing

In most cases, to keep data flowing into the UK in the event of a no-deal Brexit, UK-based organisations will need a contract in place between them and the EEA-based sender.

The best way to do this is to put a contract in place now on EU approved terms, known as Standard Contractual Clauses (SCCs). 

We have created two interactive tools to help you build your own SCCs in about 10 minutes. The two tools are for:

Controller to controller transfers; and 
Controller to processor transfers (where you are the data processor). 

Don’t know if you need an SCC? Find out easily now

The ‘keep data flowing from the EEA to UK’ interactive tool, for SMOs based in the UK, will help you decide whether your organisation needs SCCs to help you maintain the flow of data, and which SCC builder you need to use.

Guidance for large organisations that send data to or receive data from Europe

We have more detailed guidance on international data transfers to help larger organisations prepare for all Brexit scenarios.

Guidance for small organisations with a European presence or customers 

If your SMO operates in the EEA, you will need to comply with both the UK and EU data protection regulations after Brexit. The new guidance will help you take steps now to do so.   

Guidance for large organisations with a European presence or customers

The Information Commissioner's Office has more detailed guidance for large organisations that are offering goods or services to individuals in the EEA or that are monitoring the behaviour of individuals in the EEA.

It also includes information for organisations carrying out cross-border processing of personal data in the EEA.

Hear from the ICO more regularly

To stay in the know, you can sign up to receive more regular emails from the ICO and be the first to hear of any updates to all our guidance, including our Brexit guidance.