Our company Our leadership Our values Events News Contact Us

Careers overview Current vacancieshiring Early Careers Benefits

Blogs Case studies Webinars White papers

Contact sales

Your priorities
The Platform
our solutions
- Audit & risk Audit and risk
  External Audit
  Improve the accuracy and efficiency of audits and build trust with clients.
  
  Internal Audit
  Gain total oversight and control of internal audit activity.
  
  Risk Management
  Centralize data for a holistic and strategic view of risk.
  
  Audit and risk solutions
  Audit and risk solutions that help you protect your business, engage with clients and have more strategic influence.
  Latest Gartner® Market Guide for EHS Software
  Download now
- DOCUMENT COLLABORATION DOCUMENT COLLABORATION
  Huddle
  Flexible and highly secure document collaboration for regulated industries.
  
  Mail Manager
  Email add-in for Outlook to boost productivity and improve document management.
  
  OnePlace Solutions
  Connect, simplify and personalize business systems built on Microsoft 365
  
  PleaseReview
  Real-time document review, co-authoring and redaction for regulated industries.
  
  Document collaboration solutions
  Bring teams and customers together with our document collaboration solutions to securely manage emails and documents.
  Latest Gartner® Market Guide for EHS Software
  Download now
- E-Learning and Content E-Learning & Content
  CompliSpace
  Policy, learning and assurance management to meet GRC obligations.
  
  WorkRite
  Workplace training and e-learning management system to meet regulatory requirements.
  
  E-learning and content solutions
  Meet regulatory requirements, bring policies to life, and keep employees safe with e-learning and content solutions.
  Latest Gartner® Market Guide for EHS Software
  Download now
- Environmental, Health and Safety Environmental, Health & Safety
  Coruson
  Aviation safety management for complete control and reporting of operational risk.
  
  EHS
  A unified EHS solution enabling employees to report incidents, identify risks in real-time and automate safety.
  
  Maritime safety
  A wealth of experience and expertly crafted product suites tailored to ensure safety in the maritime industry.
  
  Environmental, health and safety solutions
  Improve safety, reduce risk and enhance environmental, health and safety performance across your business.
  Latest Gartner® Market Guide for EHS Software
  Download now
- quality quality
  Quality Control
  Automate quality inspections and documentation to satisfy regulators and customers.
  
  Quality Management
  Digitalize your quality management processes for complete organizational insight.
  
  Smartforms
  Improve mobile incident and event reporting for real-time situational awareness.
  
  Supplier Management
  Gain real-time visibility over your supply chain, simplify compliance and protect your brand.
  
  Quality solutions
  QMS solutions to help take control and ensure quality in every step of the process to unlock your full potential.
  Latest Gartner® Market Guide for EHS Software
  Download now
- A-Z Products

Our company Our leadership Our values Events News Contact Us

Careers overview Current vacancieshiring Early Careers Benefits

Blogs Case studies Webinars White papers

Contact Sales

Contact sales

2024 Resilience nation report • Download now

Home
Thought Leadership
Blog
GDPR UK post-Brexit: Everything you need to know

GDPR UK post-Brexit: Everything you need to know

What are the key changes to the GDPR after Brexit?

If your organisation operates within the UK, you will need to comply with the 2018 UK data protection law. Since Brexit, the requirements of the EU GDPR have been incorporated into this, forming a UK-specific regime that is now referred to as the UK GDPR.

Ultimately, there are very few differences to the core data protection principles, rights and obligations that the UK once adhered to under the EU GDPR law. As such, the key requirements remain as follows:

Your website must obtain explicit consent from users before processing their personal data via cookies and third-party trackers
You must safely store and document every valid consent
Your website must enable users to easily change their consent if desired
Your website must give a set of rights to UK users, including the right to delete and the right to correct personal data that has already been collected

However, whilst the core definitions and legal terminology can all still be found in the UK GDPR, the UK regime does expand on or deviate from the EU GDPR in places, and UK businesses should be aware of the impact of this on the legal landscape of data protection moving forwards. These are predominantly in the areas of national security, intelligence services and immigration.

To help businesses navigate the new UK GDPR after Brexit, the UK Government has produced a keeling schedule, which is an unofficial document detailing the main legislation changes. We recommend referring to this for a precise view of how the UK GDPR has been created, and its similarities and differences to the EU GDPR.

Does your business still need to comply with the EU GDPR law?

Both the UK and EU regimes will likely apply to your business if you operate in the European Economic Area (EEA). This will also be the case if you offer goods or services to EU residents or monitor their behaviour.

Likewise, if you still process EU residents’ personal data, you will also be bound by the EU GDPR and may need to appoint an EU representative, who will act as a local contact for data subjects and key authorities on all matters relating to the processing of personal data.

Following Brexit, the UK has been specified as a third country by the EU under the GDPR. However, there is an interim period until June 2021 that ensures an unrestricted flow of data between both jurisdictions until an adequacy decision has been reached by the EU.

If organisations in Europe send you data, it may be necessary to reach a consensus on how they should transfer personal data to the UK in adherence with the UK GDPR, especially if the trade deal bridge ends inadequately.

What does your organisation need to do to meet the requirements of the new UK GDPR after Brexit?

Now that the Brexit deadline has passed, it’s essential to ensure your organisation is compliant with the UK GDPR. We highlight a few simple steps that you can take to smoothly bring your business practices in line with the new legislation, whilst minimising any disruption:

Amend your GDPR documentation

Now is the time to align your existing GDPR policies with the requirements of the new UK GDPR, which can be controlled easily through an enterprise risk management solution. Pay particular attention to Article 30 records, DPIAs, DSARs and privacy notices, as well as transborder data flow documentation, which should all echo the UK’s independent jurisdiction and the full scope of the new regulation.

Ensure effective consent management on your website

Whilst it’s imperative to meet the same high GDPR standards as before, these will now be enforced by the ICO in the UK and will undergo audits. Your website consent management should be able to accurately scan and detect all cookies, as well as automatically control them until the user has provided consent to the processing of their personal data. It should also make it easy for users to change their consent, request deletion of their data or corrections if required.

Plan for a ‘no deal’ scenario in relation to data transfer between the UK and EEA

It is still unclear as to whether the EU will grant the UK’s data protection regime as ‘adequate’. If it does not, then organisations that rely on personal data flowing between the two jurisdictions should keep abreast of updates from the ICO to ensure that their data processing agreements are aligned with a new data privacy regulatory landscape.

Discover how our powerful risk management software can help you react quickly to all regulatory and legal changes, including GDPR UK post-Brexit, to ensure your organisation’s compliance.

CONNECT WITH US

Solutions

AUDIT & RISK
External Audit
Internal Audit
Risk Management

DOCUMENT COLLABORATION
Huddle
Mail Manager
OnePlace Solutions
PleaseReview

E-LEARNING & CONTENT
CompliSpace
WorkRite

ENVIRONMENTAL, HEALTH & SAFETY
Coruson
EHS
Maritime Safety

QUALITY
Quality Control
Quality Management
Smartforms
Supplier Management

USEFUL LINKS

Sustainability report

CONNECT WITH US

Privacy policy Terms of use Data protection policy Environmental policy Sexual harassment policy Slavery and human trafficking statement