Included in their deviation from the European Union, the UK is set to make major modifications to their data privacy laws as well. How is the British government planning to implement the policies in the new UK GDPR after Brexit?
The EU GDPR ceased to directly apply in the entirety of the United Kingdom and its jurisdiction after 31 December 2020. After the Brexit, the Data Protection Act (DPA) 2018 continued to apply in the UK to fit local accommodations which we know now as the UK GDPR.
Culture Secretary Oliver Dowden said in a statement that UK’s official independence from the EU can be an end to the ‘irritating cookie popups and consent requests online’. He asserts that the rules should be based on ‘common sense, not box-ticking’. This is further buoyed by the new leadership of John Edwards in the Information Commissioner’s Office (ICO) as well, saying that ‘the UK is about to develop a world-leading data policy that will deliver Brexit dividends for individuals and businesses across the country.’
The EU-UK Trade Cooperation Agreement (TCA) not only covers terms of products, services, and immigration. It also yields the data protection measures of both parties for the years ahead.
The TCA included a grace period from 1 January to 30 June 2021 at the onset of the post-Brexit phase. This is to make time for adjustments in the data processing to and from the EU and UK, and vice-versa. In this temporary reprieve in the new General Data Protection Regulation (GDPR) agreement, the European Union also landed with an adequacy decision about UK’s data protection laws.
The European Commission has adopted the provisions under GDPR and the Law Enforcement Directive while ensuring the appropriate TCA imposition that basically covers legal matters of data protection. Take a look at some of its key elements:
UK’s GDPR is a word-per-word mirror of the EU version with alterations on any EU references in the law (e.g. EU Commission, EU Parliament, EU Court of Justice) and other marginal modifications the British government deems appropriate. It’s still substantially containing the same rights.
The UK now has the power to expand on and diverge from the previous GDPR they adhere to. Amendments to the law have been published by legislation.gov.uk. Take a look at some of the updates in the UK GDPR regulations:
For accountancy organisations in the UK, a new framework for data protection parallels new paperwork and compliance. But since EU’s and UK’s GDPR is almost the same, you only have to watch out for the said marginal changes.
As primary data handlers, you are being held accountable for protecting the sensitive data of your clients. The GDPR is their safeguard that processing of their information is done under the law. Accountants, data controllers, and data processors must present evidence that their subjects explicitly gave their consent to capture and process their data, with a clear purpose on why it is needed and how the info will be managed.
Documenting the processing activities is now required under the new GDPR. This is to make sure you are fully compliant with their data protection law.
See here the mandatory documents for GDPR compliance as per the ICO.
For best practices, you should:
You can read more about them on the ICO’s page.
We remain to see how UK’s departure from the union will affect its data protection policies over the course of the years. The proposed overhaul of the UK GDPR after Brexit is still in talks, and the ICO has continuous negotiations with the EU about data transfer between the two parties.
In the interim, you need to make sure your organisation is well-compliant with the tighter security measures in the UK. It’s going to be a time-consuming responsibility, so why not let us take care of your finance and accounting processes?
Learn more about our bespoke back-office accounting outsourcing solutions that fully grasp and comply with the GDPR regulations today. Grab your copy of our latest whitepaper D&V Philippines’ Solutions for Modern Accounting Firms today to know how we can add value to your F&A services or talk to our account managers about your accounting needs.