ICO Guidance and resources for organisations after Brexit

News

ICO Guidance and resources for organisations after Brexit

Business Crime Team
13th March 2019

Find out guidance on how to remain compliant and your obligations regarding data protection processing after Brexit

Does this guidance apply to us?

Leaving the EU: 6 Steps to Take – Download

 

You should read this guidance if you are a business or organisation based in the UK and the GDPR or Part 3 of the Data Protection Act 2018 currently applies to your processing of personal data.

It is particularly relevant to UK businesses and organisations which:

  • operate in European Economic Area (the EEA), which includes the EU; or
  • send personal data outside the UK; or
  • receive personal data from the EEA.

This guidance is not aimed at individuals and, if needed, ICO will provide guidance

You should also read this guidance if you are a UK business or organisation and any of the following regulations apply to you:for individuals in due course.

  • the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR);
  • the Network and Information Systems Regulations 2018 (NIS); or
  • Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS).

Overview

If you are a UK business or organisation, we have set out the key practical points and preparations for you to consider if the UK were to exit the EU without a deal on 29 March 2019.

This guidance covers the following laws that are regulated by the ICO, which will be affected by the UK exiting the EU:

The GDPR
The General Data Protection Regulation (GDPR) is EU law that regulates the use of personal data in the EEA and is relevant to most businesses and organisations.

The Data Protection Act 2018

The Data Protection Act 2018 came into force in the UK at the same time as the GDPR took effect. It covers four data protection regimes:

Part 2, Chapter 2: General processing – the GDPR – this chapter supplements the GDPR so that it operates in a UK context.
Part 2, Chapter 3: Other general processing – this chapter applies a UK version of the GDPR (the “applied GDPR”) to those areas outside the scope of EU law, such as defence.
Part 3: Law enforcement processing – this chapter brings into UK law the EU Data Protection Directive 2016/680 (the Law Enforcement Directive).
4. Part 4: Intelligence services processing

The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and the upcoming e-Privacy Regulation

Network and Information Systems Regulations 2018 (NIS)

Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS)

 

 

Continue reading…

MENU
%d bloggers like this: