Following Brexit, the UK implemented its own data regulation guidelines in 2021, more commonly known as the UK GDPR. But how does this differ from the EU GDPR?
The UK GDPR supersedes the former data protection regulation of the European Union that took effect in May 2018. Along with the Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act (DPA) 2018, it was implemented from 1 January 2021 under the EU Withdrawal Agreement Act 2020.
Starting in 2021, the EU recognizes the UK as a third country, which means the UK would be subject to the bloc's robust privacy and security law. However, personal data has been allowed to flow without restriction between the two parties on a temporary basis, up to June 2021, until the adequacy decision from the EU is finalized. As of this writing, Members of the European Parliament (MEPs) are urging the European Commission to give their citizens stronger privacy rights, as the current draft puts their personal data at risk of indiscriminate access.
The law applies to all UK-based organizations that collect, store, and process the personal data of people residing in the UK.
Non-UK entities are also subject to the local GDPR if they are offering goods or services, or monitoring the behavior of individuals in the state.
In both instances, you have two data protection laws to abide by:
All UK organizations bound by the EU GDPR are required to appoint an EU representative to act on their behalf on GDPR compliance and to deal with supervisory authorities on the matter. You will also have to keep your policies and processes up to date with any new changes that may come.
The UK GDPR is a more intensive version of the EU GDPR. Although the former is relatively similar to the latter, there have been changes to and expansions of the EU GDPR that further change the legal measures governing data flow in the UK, thus localizing it into what we know as the UK GDPR.
All changes made are found in the Data Protection, Privacy and Electronic Communications (EU Exit) Regulation (DPPEC).
Changes in the UK GDPR you may want to note are:
For non-compliance with the UK GDPR, your company is looking at a maximum fine of £17.5 million. On the other hand, breaching the EU GDPR results in a fine amounting to €20 million or 4% of annual global turnover, whichever is greater.
There are new key principles to study under the new regulations. The implications of the UK GDPR in 2021 affect practices across all verticals and can have an adverse effect on your back-end support, such as your finances.
This is where we come in. D&V Philippines can help you keep up with new UK rulings and post-Brexit changes through our experienced finance and accounting experts. You can check out our whitepaper, Your Talent Sourcing Partner, to learn how our talents can take care of your business needs.