If your business sends or receives personal information to or from countries in the EU, the ICO has advised that you need to act to ensure that data flow can lawfully continue and has produced a range of advice and guidance to help businesses comply with GDPR post-Brexit.  

At the moment personal data flow is unrestricted because the UK is an EU member state. But if the UK leaves the European Union with no deal, that will change, and additional measures will be needed to make sure your business complies with the law.  

It’s important you make sure your business is properly prepared for all exit scenarios, whether you’re a sole trader or small business or a large multi-national. 

The ICO’s guidance will help you work out what you need to do now, and then let you get back to your main focus: running your business.

Nicky Morgan, the Secretary of State responsible for data protection said:

“The Government has launched the UK’s biggest ever public information campaign to help businesses get ready for Brexit. A key part of that is making sure businesses can still lawfully send and receive data like customer and employee details. The ICO’s guidance sets out how you can prepare your business, and is essential reading.”

There’s dedicated guidance for smaller businesses on the ICO’s website. Even if you think your business doesn’t transfer data to or from the EU, I’d urge you to read what they’ve produced, and decide whether you need to do anything now to ensure you remain compliant with the law. If you do transfer data from the EU you may need to appoint an EEA Representative. You can find details of how to do that here.

Noel Guilford