Context
The ICO is calling on UK business to check whether they are impacted by data protection law following the end of the UK’s transition period with the EU on 31st December 2020.
Key points to note
- The ICO is urging business to visit https://ico.org.uk/for-organisations/data-protection-at-the-end-of-the-transition-period/ to view guidance and resources on the actions that may need to be taken in relation to personal data
- Businesses are advised to continue complying with the Data Protection Act 2018 and the GDPR and to prepare by understanding where the personal data used comes from
- For most businesses and organisations Standard Contractual Clauses (SCCs) are the best way to keep data flowing on EU-approved terms. These are a standard set of contractual terms and conditions to which the sender and receiver of personal data both sign up; they include contractual obligations to protect the data when it leaves the EEA and the protection of the GDPR.
- A review of privacy information and documentation should also be reviewed to identify any changes required following the end of the transition period
- The EU is yet to make a decision as to whether it accepts that the UK’s data protection regime is adequate and the timing for this decision is unclear