Will Brexit affect data protection in your organisation?
New guidance for small organisations
The flow of data between EU or EEA member states and the UK is vital for business. Businesses have to prepare for all Brexit scenarios.
You may think your organisation won’t be affected – but you must be sure.
The ICO’s new small business guidance will help you determine if your organisation’s data will be affected by Brexit and what steps you need to take to keep your data flowing.
How to keep data flowing after Brexit
ICO guidance for small organisations that receive data from Europe
If your UK-based small or medium sized organisation (SMO) receives data from countries in the EEA, the new ICO guidance will help you take steps to make sure data can continue to flow after Brexit.
Build a contract now to keep data flowing
In most cases, to keep data flowing into the UK, in the event of a no deal Brexit, UK based organisations will need a contract in place between them and the EEA-based sender.
The best way to do this is to put a contract in place now on EU approved terms, known as Standard Contractual Clauses (SCCs).
The ICO has created two interactive tools to help you build your own SCCs in about 10 minutes. The two tools are for:
- Controller to controller transfers; and
- Controller to processor transfers (where you are the data processor).
Don’t know if you need an SCC? Find out easily now
The ICO ‘keep data flowing from the EEA to UK’ interactive tool, for SMOs based in the UK, will help you decide whether your organisation needs SCCs to help you maintain the flow of data, and which SCC builder you need to use.
Guidance for large organisations that send or receive data to Europe
The ICO has more detailed guidance on international data transfers to help larger organisation prepare for all Brexit scenarios.
Prepare your European operations for a post-Brexit world
Guidance for large organisations with a European presence or customers
The ICO has more detailed guidance for large organisations who are offering goods or services to individuals in the EEA or who are monitoring the behaviour of individuals in the EEA.
It also includes information for organisations carrying out cross-border processing of personal data in the EEA.
Guidance for small organisations with a European presence or customers
If your SMO operates in the EEA, you will need to comply with both the UK and EU data protection regulations after Brexit. The new ICO guidance will help you take steps now to do so.