Organisations face significant challenges as they navigate changes in the complex regulatory environment of data protection. Dealing with advances in technology, increased digitisation and, more recently, Covid-19 means that organisations must ensure that their uses of data are fair, lawful, proportionate and accountable, so that they maintain trust and avoid adverse regulatory consequences.
Many daily transactions increasingly involve the sharing of personal data and it is important that organisations have operational processes that are compliant with data protection requirements. Since 2018, these requirements in the United Kingdom, as part of the European Union, have been set by the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
From the start of 2021, when the transition period for the United Kingdom’s exit from the EU comes to an end, the United Kingdom will have its own version of the GDPR in force. This will be known as the “UK GDPR” and will sit alongside the United Kingdom’s existing Data Protection Act 2018.
The EU version of the GDPR may also still apply to organisations in the UK that operate in Europe, offer goods or services to individuals in Europe, or monitor the behaviour of individuals in Europe. For more information about whether this may apply to you, please click here.
To find out how we can help your organisation identify and implement the actions needed to ensure compliance with the UK and EU data protection regimes, contact Joanna Boag-Thomson, Paul Carlyle, Ashley McLean or your usual Shepherd and Wedderburn contact.
- International data transfers – where are we now?
- New Standard Contractual Clauses…at long last, but what does this mean?
- Major disruption to US data transfers as EU-US Privacy Shield declared invalid by CJEU
- COVID-19: data protection and the return to work
- COVID-19: data and information management
- ICO issues first fine under the General Data Protection Regulation (GDPR)