This FAQ looks into the detail behind data security and the UK leaving the EU … what impact has Brexit had?
When Brexit ‘officially happened’ in legal terms, the ‘old’ EU laws initially switched over into English law (in other words, there was no change to the rules). This is enacted within the Data Protection Act 2018.
However, there are changes that need to be made to contracts to represent the switch. We’re currently transitioning contracts across. The Data Protection Act will be referred to in contracts as opposed to GDPR, which will require all of us to revisit our compliance processes and update them for that.
There are no major changes at this point in time – but changes will come and contracts, processes and ways of working will need checking and revising.
So, what are the changes for us? Well, when AdvanceTrack works with EU businesses, it’s ‘a different continent’, even for the Republic of Ireland. The reality is, we would not stray too far from GDPR anyway – it’s not in our interests to go backwards on privacy and security; we will always move forward.
It is worth noting that there are situations where an outsourced team in another country (for us, India) accesses data in the UK. In that instance the data’s ‘sovereignty’ doesn’t change, but it is still being processed abroad, which must be considered from a legislative perspective.
Alternatively, some outsourcers might say: ‘You log onto our servers but don’t worry about British data law.’ Unfortunately that’s not correct. There’s case law that states you can’t avoid GDPR (or UK rules) even if data doesn’t ‘move’. Accountants should be very wary of the permutations when discussing terms and details with outsourcers.
Ultimately we will be compliant with both GDPR and UK data rules – see our multiple standards, which validate and assure this (click here for more).
If you’ve read our articles on GDPR and security, and would like to talk to us in more detail, don’t hesitate to get in touch by clicking here.