ICO Calls on UK Businesses to Ensure Lawful Flow of Data Under GDPR as Brexit Transition Period Ends

Reading time: 3 min
Share this Share on email Share on twitter Share on linkedin Share on facebook
  • SMEs must check whether they are impacted before the end of the UK’s transition period with the EU
  • Watchdog offers guidance and resources on the actions they may need to take if they use personal data
  • Update offers a reminder of what personally identifiable information (PII) is and how it’s classified

The Information Commissioner (ICO) is calling on businesses in the UK to check whether they are impacted by data protection law before the end of the UK’s transition period with the EU on December 31.

Organizations affected by European data protection laws – like the notoriously-stringent GDPR –are urged to take steps to ensure that data can continue to flow from the EU lawfully from January 1, according to the watchdog.

It directs businesses to visit ico.org.uk/keepdataflowing to view “guidance and resources on the actions they may need to take if they use personal data.”

The notice points out that, while sharing personal data is essential to running the majority of small and medium-sized businesses, “any businesses receiving data from organizations in the EU or European Economic Area (EEA) must take action to ensure the flow of data doesn’t stop.” That includes both small businesses and the largest of enterprises.

The update offers a reminder of what personally identifiable information (PII) is and how it’s classified, including HR records, customer details, payroll information, as well as data collected through cloud services.

To support smaller organizations without dedicated data protection specialists to help with the preparations, the ICO has created specific guidance and resources.

Affected entities are informed that the EU is yet to decide whether to accept the UK’s current data protection regime as adequate.

“Businesses are advised to continue complying with the Data Protection Act 2018 and General Data Protection Regulation (GDPR) and to prepare by understanding where the personal data they use comes from,” the announcement states.

“As we don’t know what the outcome will be from the EU, there is an even bigger need for businesses to prepare now,” said Information Commissioner Elizabeth Denham.