Business Secretary Alok Sharma has written to businesses with guidance on how to ensure that they are still able to share personal data – such as customer details, or payroll data – between the UK and the EU after 31 December.
Here’s the advice that he shared with businesses:
Personal data is any information that can be used to identify a person, including names, delivery details, IP addresses, or HR data such as payroll details. Most organisations use personal data in their daily operations.
An example of this is a UK company that receives customer information from an EU company, such as names and addresses, to provide goods or services.
If you receive personal data from the EU/EEA, I urge you to act now to ensure you can continue to lawfully receive data from your clients in the EU from 1 January 2021, whatever the EU decides. Specifically, this means:
- You should take stock of the personal data you process prior to 1 January 2021.
- If you receive personal data from a company based in an EU/EEA country, you should map your data flows and put in place alternative transfer mechanisms, such as Standard Contractual Clauses (SCCs), with any relevant EU organisations (the EU has yet to make a decision as to whether they accept that the UK’s data protection regime is still adequate).
- Visit UK/using-personal-data-2021 for guidance on the actions your business or organisation needs to take regarding data protection and data flows.
Find more information to help your business prepare in our Brexit Transition toolkit.