How do we attain this? By having equivalent data protection laws. In which case, we will still need to comply with General Data Protection Regulation (GDPR) standards.Even if the UK does not aim for the lofty heights of equivalent data protection laws, many organisations in the UK will still need to comply with GDPR standards and here’s why: If personal data is transferred to a non-European Economic Area (EEA) country, other than for ad hoc data transfers which fall within the ‘permitted transfers’ list, a mechanism such as Binding Corporate Rules or Model Contracts will need to be used. For example, a company has shared HR services/systems. Servers are in the Netherlands but accessible from the UK. This will involve a personal data transfer to the UK. Model Contracts would need to be put in place (assuming they are still around by 2018 given Max Schrems is now also challenging Model Contracts before the Irish data protection regulator). Intra-group Model Contracts will involve commitments by the UK recipient to data protection compliance principles equivalent to those in Europe. From May 2018 that means complying with GDPR standards.
Read more on data:
- Barclays encourages UK SMEs to use big data for growth with new online service
- Companies that safeguard data privacy will reap rewards
- Security of personal data – are you complying with your obligations?
Share this story