A new guide has been published by the Brexit Working Group of the Construction Leadership Council (CLC) to help companies manage their data protection and General Data Protection Regulation (GDPR) compliance ahead of the UK’s exit from the transition period with the European Union at the end of the year.
GDPR applies to all companies based in the EU and those with EU citizens as customers. It has an extraterritorial effect, so non-EU based companies that operate in the EU must also comply with the GDPR.
Even though the UK has left the EU and is in a transition period, UK companies will still need to comply with European GDPR rules because it is likely that they offer goods or services or monitor individuals in the EU.
Currently, the GDPR is incorporated into UK law and Ministers have not indicated that this situation will change. However, it is likely that in the future, the UK and EU’s GDPR will diverge and so businesses will need to consider ensuring they keep abreast of both UK and EU data laws.
The guide supports businesses to understand the challenges faced and offers solutions via recommendations for action and additional resources.
The guide prompts action on the following themes:
- Using Brexit as an opportunity to review and update data inventories or Records of Processing Activities
- Considering relationships and agreements with third party processors
- Regularly reviewing government guidance
The guidance was produced under the stewardship of Amy Chapman, Group Legal Director of MACE and Celia Carlisle, General Counsel of Tideway.
To access the guide click here.