Organisations face significant challenges as they navigate changes in the complex regulatory environment of data protection. Dealing with advances in technology, increased digitisation and, more recently, COVID-19, means that organisations must ensure their uses of data are fair, lawful, proportionate and accountable to ensure that they maintain trust and avoid adverse regulatory consequences.
Many daily transactions increasingly involve sharing personal data and it is important that organisations have operational processes that are compliant with data protection requirements. Prior to Brexit, these requirements in the United Kingdom, as part of the European Union, were set by the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
Since the start of 2021, when the transition period for the United Kingdom’s exit from the EU came to an end, the United Kingdom's own version of the GDPR has been in force. This is known as the “UK GDPR” and sits alongside the United Kingdom’s existing Data Protection Act 2018.
The EU version of the GDPR may also still apply to organisations in the UK that operate in Europe, offer goods or services to individuals in Europe, or monitor the behaviour of individuals in Europe. For more information about whether this may apply to you please click here.
To find out how we can help your organisation identify and implement the actions needed to ensure compliance with the UK and EU data protection regimes contact Joanna Boag-Thomson, Paul Carlyle, Ashley McLean or your usual Shepherd and Wedderburn contact.