I could hazard a guess that the data protection implications of the UK leaving the EU and the status of the ‘adequacy decision’ are not currently at the top of the list of things you are unduly concerned about.

If, however, you supply or receive goods or services from EU countries, you should be aware that there will be changes on 1 January 2021 (whether or not we do a ‘deal’ with the EU) to the way you handle the personal data you collect from those countries.

Elizabeth Denham, the Information Commissioner said this week:

“The end of the transition period may bring the most significant change to data protection in the UK since the implementation of the GDPR three years ago.
There remains hope that an adequacy decision may yet be reached, which would allow the UK to continue to access the free flow of personal data provision granted for those within the EU. But organisations cannot rely on this.
The stakes are too high, with the risk that the data flow tap from the EU is turned off, and with it the flow of HR records, customer details and data from cloud services.”

As you’d expect there is a lot of information available on the ICO’s website which you can find in this article for small businesses and this FAQs.

Don’t get caught out by being unprepared.

Noel Guilford