In less than a month from now, the General Data Protection Regulation (GDPR) comes into force across the EU. It is expected that businesses and charities across Ireland have taken the necessary measures, such as preparing new policies, appointing chief information security officers, restricting IT admin rights and installing firewalls and controls over company-owned devices, to ensure compliance with the Regulation.
The GDPR will apply to all EU member states; although the UK has voted to leave the EU, it is currently still a member, and therefore the GDPR will still apply. This means companies in Ireland and the rest of the EU can continue to send and receive personal data to and from companies within the UK.
The UK is set to leave the EU on 29 March 2019. From this date, the GDPR will no longer directly apply to organisations in Great Britain and Northern Ireland. However, any organisations trading in the EU and transferring data to the UK must ensure UK companies comply with the privacy requirements outlined in the GDPR.
The UK intends to address this challenge by updating its data protection regulations to reflect the goals of the GDPR. Last year’s Queen’s Speech noted the importance of data protection for the UK economy and that “over 70pc of all trade in services are enabled by data flows, meaning that data protection is critical to international trade”.
Under the GDPR, it is illegal to export EU residents’ personal data outside of the EU, unless those countries are considered part of the European Economic Area and recognised as third countries.
It is not yet known how the data protection landscape will fare under Brexit, and until then there is no need to make any changes. However, if your organisation stands to be directly impacted by Brexit and the GDPR, keep an eye on how the UK’s new Data Protection Bill is formed. If it is not enough for the UK to be considered a “third country”, then your business might need to consider a new legal framework.
How to achieve compliance
The good news is that many of the GDPR’s principles are similar to current data protection laws, which means that if you are currently compliant, most of your processes will remain valid. However, there are some important changes that you need to prepare for.
You can find out how to do this by enrolling on our Certified EU GDPR Foundation Training Course.
This course provides a comprehensive introduction to the GDPR and helps you understand the implications and legal requirements for all organisations affected by the Regulation.