5 min read

Writen by Zlatko Delev

Posted on: March 2, 2023

Does Brexit Mean Your GDPR Policies Are Out Of Date?

When did you last review your company’s GDPR compliance? If you haven’t given it a second thought since Brexit became a reality, it’s time you did. We explain why.

The General Data Protection Regulation (GDPR) celebrates its seventh anniversary in 2023. Post-implementation, most organisations collecting or using the data of EU subjects to carry out their activities developed a new level of understanding about their responsibilities towards data and data privacy. 

Yet time has a habit of slowing momentum. As GDPR became part of the day-to-day fabric of doing business with EU countries, so focus shifted to new challenges. That created an environment for things to slip, for eyes to be taken off the GDPR ball, and for practices to be challenged and clarified through the courts. Meta’s recent €390 million fine for ‘forcing consent’ to personalised ads is a perfect example of the latter.

Rather less dramatically, every day we hold conversations with fast growing companies in the US, UK and EU who suspect they should have updated their GDPR compliance practices but haven’t. 

And then there was Brexit.

How did Brexit affect GDPR?

The UK’s vote to leave the EU happened the same year as GDPR became a reality but transitional arrangements and negotiations over the Withdrawal Agreement Bill meant that Brexit only became a practical reality at the start of 2021. 

As a result, the UK amended the EU GDPR, effectively enshrining the same provisions under a new UK GDPR. Additionally, it amended the existing Data Protection Act 2018 to address privacy issues beyond the scope of GDPR.

The differences between the UK’s position on data pre-and post-Brexit aren’t huge, but if you deal with the data of UK citizens as part of your operations and haven’t updated your GDPR policies since Brexit, they are almost certainly now out of date.

Business operating in the UK will need to update their privacy policies and practices to ensure they comply with UK law. EU and US businesses trading with the UK, or UK businesses trading with the EU will need to ensure they comply with GDPR Article 27 (see below).

Are your GDPR policies compliant? Talk to our GDPR consultants.

GDPR: what changes have affected your organisation?

The core elements of GDPR may remain much as they were, but time has changed the playing field for many organisations, and in a range of ways:

Brexit implications: UK businesses offering goods or services to EU customers must now appoint a GDPR article 27 EU representative in one of the member states where data is processed. Their role will be to ensure compliance with GDPR Article 27. The same applies in reverse, so EU organisations trading in the UK will now need a GDPR Article 27 UK representative.

US companies which could once have operated with a single GDPR rep for all their data compliance with the EU and UK, will now need two: one to cover the EU; one for the UK.

Appoint your GDPR UK or EU rep now

Case law: The practical impact of any regulation often only becomes clear once it has had time to have been tested through the courts. 

Meta’s case, for example, clarifies the position regarding targeted ads (although we would question whether that was ever really in doubt), but other cases have brought greater clarity across a range of issues, from use of CCTV recordings, dashcams and smart doorbells to social media pictures. These have all become leading causes for individual GDPR fines.

Public understanding: Data subjects are now much more aware of GDPR regulations, their legal rights and (in particular) their right to complain to you and the Information Commissioner’s Office (ICO), regulator for the UK GDPR.

We would suggest that every organisation would want to be ahead of the public in terms of their understanding and application of—and compliance with—GDPR.

Bring your GDPR compliance up to date

Reviewing your GDPR procedures won’t be costly or time consuming, but it will give you the reassurance of knowing that your customers’ data, and your business’ reputation, are protected.

Talk to us about starting your GDPR review.

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.

Contact Us

Recent blogs

EU AI Act Summary: Key Compliance Insights for Businesses

The EU AI Act is a pioneering attempt to regulate AI systems, striving for a balance between foster

AI Act: Fundamental Rights Impact Assessments (FRIA) – Who, When, Why, and How to Ensure Ethical AI Deployment

The European Union (EU) has positioned itself as a leader in shaping the responsible development an

How the Privacy Act Protects Personal Information in Australia

 As cyber threats loom larger and data breaches become more common, the significance of strong

Get Your Account Now

Setup in just a few minutes. Enter your company details and choose the services you need.

Create Account

Get In Touch

Not sure which option to choose? Call, email, chat to us

Contact Us

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.

Full Name is required!

Business Email is required!

Company is required!

Please accept the Terms and Conditions and Privacy Policy