Some thoughts on GDPR, your business ... and Brexit!

  • tracey-simplewebcompany
    Post count: 10

    Mentioning GDPR and Brexit in one post??... enough to switch anyone off 😉 However, we do need to think about the "What if" scenario of what we need to plan for in the event that we have a no-deal Brexit.
    In fact, even with a deal things will change, but not quite as dramatically as without one.

    I'm Tracey Rissik of The Simple Web Company, and I've been helping my clients to ensure that their websites are GDPR compliant since the new Privacy and Data Protection regulations became law in 2018 - and I want to continue to give tips and practical help, hence this post. I'm not a lawyer so can't advise, but I can give you some points to think about and prepare for in your own businesses.

    Firstly, just to remind anyone who can't remember what GDPR is:
    > The General Data Protection Regulations (GDPR) came into force in May 2018 and cover the processing and storage of personal data held by businesses. If you operate internationally or exchange any personal data with business partners in other countries, you have to comply with GDPR.
    > Currently we are treated as part of the EU of course, but when Brexit happens, we in the UK will become a "third party" to the EU and will be treated like other countries such as the US when it comes to the actions we have to take with regards to the personal data of EU citizens in our businesses.

    As we don't yet know what sort of outcome is going to be agreed over the next few months, it's tricky for anyone to give any precise information or suggestions, but here are 6 tips that will help you in all scenarios:

    1) Make sure you continue to maintain (or work towards) GDPR compliance in your business. If you are in business and hold any personal information (even if your clients are corporations) then you will almost certainly need to be GDPR compliant. There are very few exceptions to this; the Information Commissioner's website will help you with this.
    2) You need to identify data in your process and systems that is received FROM anyone in the EEA (yes, the EEA, not just the EU). This is the first step, after which you can begin to identify what steps you may need to take to ensure that this flow of data can continue legally after we leave the EU.
    3) You also need to identify what data YOU send outside of the UK as you will need to ensure that you comply with all new UK provisions when Brexit is finalised.
    4) Review your whole business (including processes, systems and data) so you can assess how Brexit will affect the rules and laws you need to abide by, within and without the UK.
    5) Review your legal documents (Privacy notice, internal documents etc.) that may need to be amended once Brexit is finalised.
    6) Plan for what you will need to do as we go through Brexit. If you have a Data Protection Officer for example, make sure they are kept aware of all upcoming changes.
    Knowledge is power!

    I hope this helps! If you haven’t yet started preparing your business for GDPR, check out everything on the ICO’s website http://ico.org.uk/ - the Information Commissioner's Office is the source of all information, legislation and ultimately any fines or sanctions if the law is broken, so that’s a good place to start.
    I can also recommend a few resources (such as a paid-for template pack for all legal documents you need) so get in touch if you want more info.

    Good luck!
    Tracey Rissik


    Post count: 10

    Update: July 2019

    Since I wrote this in March this year, of course the Brexit deadline has moved to October 31st (at the time of writing) and we are still faced with the possibility of a no-deal Brexit - so the info in this post is still as relevant as before!

    The chief of the ICO (Information Commissioner's Office) recently reminded us that ALL businesses, no matter how small, that store personally identifiable information (even if it is just a name and phone number on your phone that you use for business) must comply with GDPR.

    Get in touch with me at tracey@thesimplewebcompany.com if you would like to know more about my package that helps small businesses get ready practically for GDPR.
