This information is created on guidance from the Information Commissioner, the British Chambers of Commerce and our local Data Protection Consultancy, Lighthouse IG. This guidance will help Chambers Members ensure that they can continue to send personal data to and from Europe (the EEA) after Brexit. (The EEA is the EU plus Iceland, Norway and Liechtenstein.)
Please note, to dispel a large myth doing the rounds, regardless of how we leave the EU most of the data protection rules affecting small to medium-sized businesses and organisations will stay the same. The UK Government has stated many times that it is committed to maintaining the high standards of the GDPR (General Data Protection Regulation) and the government plans to incorporate it even further into UK law after Brexit.
If you are a UK business or organisation that already complies with the GDPR and has no contacts or customers in the EEA, you do not need to do much more to prepare for data protection compliance after Brexit.
If you are a UK business or organisation that receives personal data from contacts in the EEA, you need to take extra steps to ensure that the data can continue to flow after Brexit.
If you are a UK business or organisation with an office, branch or other established presence in the EEA, or if you have customers in the EEA, you will need to comply with both UK and EU data protection laws after Brexit. You may also need to designate a ‘representative’ in the EEA (a legal entity belonging to you that is your legal ‘presence’ within the EEA.
The guidance and resources on this page will help you understand whether you will be affected and to find out how you need to prepare. It also links to additional guidance about how to improve your data protection knowledge and compliance.