Businesses and organisations need to take steps to ensure that data can continue to flow from the EU lawfully from 1 January, the Information Commissioner’s Office (ICO) has warned.
The ICO is calling on the UK’s businesses to check whether they are impacted by data protection law before the end of the UK’s transition period with the EU on 31 December.
The Wilmslow-based regulator is urging businesses to visit its website to view guidance and resources on the actions they may need to take if they use personal data.
Research indicates that sharing personal data is essential to running the majority of SMEs. Any businesses receiving data from organisations in the EU or European Economic Area (EEA) must take action to ensure the flow of data doesn’t stop.
Personal data is classed as anything that relates to an identifiable individual and can relate to information about both customers and staff. HR records, customer details, payroll information and information collected through cloud services are all forms of personal data and could be affected.
The ICO recognises that smaller organisations may not have dedicated data protection specialists to help with the preparations. It has therefore created specific guidance and resources to support SMEs to keep data flowing at the end of the transition.
Businesses are advised to continue complying with the Data Protection Act 2018 and General Data Protection Regulation (GDPR) and to prepare by understanding where the personal data they use comes from.
For most businesses and organisations, Standard Contractual Clauses (SCCs) are the best way to keep data flowing on EU-approved terms. The ICO website hosts an SCC Interactive Guidance tool to assist SMEs.
Businesses should also review their privacy information and any documentation to identify changes that need to be made at the end of the transition period.
As part of the negotiations, the EU is yet to make a decision as to whether it accepts that the UK’s data protection regime is still adequate. An adequacy decision is still possible but the timing is unclear.
Elizabeth Denham, Information Commissioner, said:
We appreciate there is a lot of pressure on businesses right now, especially given the impact of the pandemic. However, sharing personal data is essential to the running of many businesses and it is vital you take action to ensure that data can continue to flow.
“As we don’t know what the outcome will be from the EU, there is an even bigger need for businesses to prepare now.
“The ICO appreciates data protection can seem daunting to SMEs, which is why we have created a specific suite of products to help small businesses prepare. I encourage people to visit the ICO’s website to understand what steps they need to take and to keep up-to-date.”