


GDPR implications for the UK post-Brexit

published on 23 February 2021 | reading time approx. 4 minutes

On 1st January 2021, the UK left the European Union. This means the EU GDPR no longer applies in the UK as it is an EU Regulation. GDPR was however incorporated into the UK data protection laws known as “UK GDPR”. This allowed the core principles and obligations to remain unchanged and the UK GDPR sits beside the Data Protection Act 2018.

The EU GDPR may still apply if parties are to provide goods and services to individuals across the EU. So it really comes down to how your business will operate moving forward.

The data protection provisions set out in the Withdrawal Agreement between the EU and UK explain that any data transfers up to and including 31st December 2020 require the EU GDPR to be applied, whereas anything thereafter will require the application of the UK GDPR. It is therefore imperative for organisations to be able to identify when data was collated and where the relevant party was residing at the time the data was collected. This will ensure the data has been processed following the applicable legislation.
 
As part of the trade deal agreed between the UK and EU, the restrictions on the transfer of data have been delayed for up to 6 months. This allows countries to become familiar with the changes due to come into place and offers time to adjust their requirements, i.e. requiring an EU/UK representative if there is no relevant appointed party in the specific country. It also allows data to continue to be transferred freely in the interim.
Ways to determine if you require an overseas representative (UK or EU):
  1. If your organisation does not have a branch, office or any other establishment in the country in question e.g. UK; and
  2. Your organisation offers goods and services to individuals in UK; or
  3. Your organisation monitors individual behaviours in UK
If the above applies, then you will need to ensure you are complying with the UK GDPR, which will require you to appoint a representative in the UK.

The representative can be an individual, an organisation or a private company in the UK. The representative must be able to manage and represent your obligations under UK GDPR. Please note that you should provide authorization (in writing) for your representative to act on your behalf to deal with any compliance matters, including communicating with data subjects and the regulatory body (ICO for the UK).

The ICO will continue to be the independent supervisory body for the UK’s data protection legislation. The UK government also intends to continue maintaining a close relationship with other countries’ supervisory bodies.

It is advisable for all UK companies to amend their GDPR documentation to ensure the reference is to UK GDPR moving forward.

Part 3 of the DPA 2018 still applies to relevant authorities processing for law enforcement purposes. Despite these particular rules originating from an EU directive, they are now set out in UK law and will continue to apply after the end of the transition period (with some expected minor tweaks to consider UK falling outside the EU).

It is certainly worth considering your policies and procedures to determine any amendments. If you require any assistance or guidance regarding this, please let us know. We can ensure this is done as seamlessly as possible to prevent any business disruption.

The ICO confirms the following:
  • The current Privacy and Electronic Communications Regulations rules cover marketing, cookies and electronic communications. They derive from EU law but are set out in UK law. They will continue to apply at the end of the transition period.
    The EU is replacing the current e-privacy law with a new e-privacy Regulation (ePR). The new ePR is not yet agreed.
  • The Network and Information Systems rules cover network and information systems. They derive from EU law but are set out in UK law. They continue to apply.
    If you are a UK-based digital service provider offering services in the EU, you may need to appoint a representative in one of the EU member states in which you offer services. You need to comply with the local NIS rules in that member state. If you also offer services in the UK, you also need to continue to comply with the UK rules regarding your UK services.
  • The eIDAS regulation covers electronic ID and trust services. It is an EU regulation and no longer applies in the UK. However, the government has incorporated the eIDAS rules into UK law. In practice, if you are a UK trust service provider, you should assume that you still need to comply with eIDAS rules.
    The ICO have said, however, that if you offer trust services in the EU, you may also still need to comply with EU eIDAS law in EU member states. The UK no longer regulates that aspect of your services. We continue to work closely with EU supervisory authorities.
  • The Freedom of Information Act 2000 forms part of UK law and will continue to apply.
  • The Environmental Information Regulations will continue to apply unless specifically repealed or amended. They derive from EU law but are set out in UK law. The UK has also independently signed up to the underlying international treaty on access to environmental information (the Aarhus Convention).

Below is a fact sheet of the key differences between the UK GDPR and the EU GDPR:

| BREXIT IMPLICATIONS | DPA 2018 / UK GDPR | EU GDPR |
|---|---|---|
| Definition of Personal Data | More limited definition – now defined as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” | Personal data can include IP addresses, Internet cookies and DNA |
| Data Subject Rights | Data subject rights can be waived if they significantly hinder an organisation’s legitimate need to process data for scientific, historical, statistical and archiving purposes | Protects data subjects to personal data processing |
| Child consent age | A child can consent to data processing from the age of 13 | A child can consent to data processing from the age of 16 |
| Administrative fines | Maximum fine for non-compliance up to the amount of £17.5 million | The maximum fine for non-compliance is €20 million or 4% of annual global turnover |
| Representatives | Many non-UK data controllers and processors that offer goods and services to, or monitor the behaviour of, data subjects in the UK must appoint a representative in the UK | Many non-EU data controllers and processors that offer goods and services to, or monitor the behaviour of, data subjects in the EU must appoint a representative in the EU |
| Automated decision processing/making | Permits automated profiling subject to legitimate grounds for doing so | Data subjects have rights to refuse automated decision making or profiling |
| Processing of criminal data | Processors of criminal data do not require official authority | Processors of criminal data must have official authority to do so |
| Privacy vs Freedom of Expression | An exemption exists in relation to the processing of personal data if it is in the public interest | N/A |

CONTACT


Kiran Munawar

Solicitor

+44 (0) 121 227 8963
