The GDPR has been a welcome part of our lives now for nearly 3 years. Initially introduced as EU legislation back in May 2018, the purpose of the GDPR was to strengthen and unify data protection across all countries within the European Union. The positive effects of the GDPR have extended beyond the EU since then, and this has put the spotlight on data protection all over the globe.
The UK exited the EU on 31st January 2020 and entered a transition period until 31st December 2020. It was always in the UK Government’s best interest to maintain the same levels of data protection achieved through the GDPR; therefore, on 1st January 2021 the UK gained full autonomy over its data protection laws and a new Trade Deal was agreed between the EU and the UK.
Enter the UK GDPR.
In this short blog, we will briefly analyse the UK and EU GDPR legislation, highlighting the changes and what effect this might have on your organisation when processing and handling data.
Four Month Data Bridge in Line With the New Trade Deal
Firstly, to ensure a smooth transition of the new Trade Deal, for both the EU and the UK, a four-month delay on restrictions, with a potential further two-month bridge extension, was introduced in January 2021. This enables data to continue to be interchanged whilst final changes are being implemented.
Data Collected Before the End of the Transition Period
You and your organisation need to take stock of your data so that you can identify overseas data acquired before 1st January 2021. This data will still be subject to the EU GDPR.
Data collected after 31 December 2020 will need to comply with the UK GDPR and, as before, the UK Data Protection Act 2018.
Organisations need to know when the data was collected and where the data subject lived before 1st January 2021 to ensure compliance with the appropriate legislation.
Who will Regulate the UK GDPR?
The ICO (Information Commissioner’s Office), the previous leading UK authority, will become the leading supervisor, regulator and enforcer of the UK GDPR. Following the transition period, the ICO has engaged with the UK government to continue to work at maintaining close working relationships between the UK and the EU supervisory authorities now that the UK has left the EU.
Complying with the EU and UK GDPR
Any website or organisation, located anywhere in the world, that processes the personal data of individuals located inside the UK is bound to comply with the UK GDPR. Though they are not following a new set of rules and regulations, it should still be acknowledged that data from within the UK must comply with the UK GDPR.
Age of Valid Consent
Lastly, a notable difference from the EU GDPR to the new domestic UK GDPR is that the age of valid consent is lowered to 13 years in the UK (16 years in the EU).
At this point it is quite clear that the UK GDPR is not a great deal different to the EU GDPR. With the initial purpose of the GDPR being to unify and strengthen data protection, it should be expected that this will be the standard for many years to come.
Training employees on the GDPR brings everyone up to the same level of understanding, reduces the risk of your organisation suffering a data breach (in turn helping you to avoid hefty fines) and most importantly provides your organisation with evidence of training records, should this be required by the ICO.
Our Fully Managed GDPR Awareness course covers all the key areas and is up-to-date with both the EU and UK GDPR.
- Fully managed – set up, deployed and reported on for you
- Online eLearning – (25 minutes) easily accessible for remote workers
- Suitable for all employees
- Reported evidence of training and understanding
- Staff turnover included at no extra cost
- Interactive quiz which uses tracked results to demonstrate staff understanding
- Multiple language support
- Additional training materials such as posters and infographics.
For more information and a free preview of our course, visit our GDPR Awareness page.