GDPR Post-Brexit – Your Pressing Questions Answered

In our recent webinar, ‘6 Things to do to Meet GDPR 3rd Country Requirements’, we provided information on how data privacy requirements may change and why organisations should prepare now. The webinar ended with a Q&A session with our data privacy and protection expert, Ursula Baye.

In this post, we list the answers to the questions asked by individuals looking to get a head start on data protection after the Brexit transition period ends in December 2020.

Some pressing questions asked were:

Q: Do you think the UK will automatically be awarded adequacy status?

A: No, adequacy status will not be awarded to the UK automatically. The Commission has stated that it will endeavour to adopt an adequacy decision by the end of 2020.

Q: How long do we have to appoint an EU Rep?

A: The UK is set to leave the EU at the end of 2020 and, as soon as it does, organisations based in the country are legally required to have an EU representative. A representative should be in place.

Q: Will there be a recommended DPIA format to complete? Or when will the 3rd party template changes from the ICO be available?

A: The ICO has not released any new templates. However, we will update this blog if and when this changes.

Q: What data breach cases paved the way for the new legislation?

A: To name a few…

  1. Wonga loans: Wonga, the payday loan company, was hit by a huge data breach in 2017 that compromised the bank details of 250,000 customers.
  2. Morrisons supermarket: The supermarket chain fell victim to an internal attack that led to 100,000 employees’ personal details being leaked.
  3. Brighton and Sussex University Hospital: These hospitals were fined £325,000 over the theft of thousands of patients’ data. The sensitive information, which included medical results, was reportedly put up for sale on eBay.
  4. LinkedIn: The social media platform suffered a data breach that compromised the personal information of 165 million user accounts. The data has since been reported as up for sale on a dark web marketplace.

Q: I have locations in the UK, Ireland and France. Can I appoint my legal staff member in my Ireland office as my EU representative?

A: With bases in Ireland and France, an EU representative is not needed. If your data processing or monitoring extends to other EU member states, you’ll probably be required to appoint an EU representative. One of the exemptions is for organisations that have an office and employees based in the EU.

Get the Full Webinar Recording On-demand: 6 Things to do to Meet GDPR 3rd Country Requirements

 

Risk Crew