GDPR and Brexit: an update for employers

The General Data Protection Regulation (GDPR), is an EU legislation dealing with how personal data needs to be processed. It came into force in all EU member states nearly a year ago.

It is the toughest standard for data privacy, with harsh penalties (up to €20,000,000 or 4% of turnover (whichever is greater)).

But will the GDPR still apply to the UK after Brexit?

The short answer: Yes.

The GDPR will continue to apply to countries that provide or offer services to EU organisations. Or if they are processing personal data belonging to EU data subjects.

So if you plan to continue doing business with clients or suppliers in the EU; or you are undertaking projects in EU countries; or you will be processing personal data belonging to EU citizens after Brexit, you will need to maintain your GDPR compliance to avoid liability.

So what do you need to do, as a employer?

There has been much political drama surrounding Brexit, and the uncertainty of the withdrawal agreement continues until October 31.

However under the terms of this recent extension, it is still possible that the UK could leave the EU earlier if an agreement is accepted by MPs.

So, as an employer, you need to be sorting out things now.

An eye data processing GDPR Brexit

Protecting data after Brexit

Another consideration to motivation is cyberscurity.

The Hiscox Cyber Readiness Report 2019, says three out of five businesses reported a cyberattack in 2018 compared to 45% in 2017. It also stated firms are reporting incidents costing $369,000 on average in 2018, up 61% from $229,000 in 2017.

With GDPR now looming over companies with poor cybersecurity practices, they risk ever greater costs if data is compromised in an attack.

A good beginning is to audit your EU personal data flows. Once the UK leaves the EU, you will no longer be automatically able to receive personal data from the EU, and with our ex-Member State status, any business will need to adhere to extra compliance obligations contained in the GDPR.

You should audit your data flows now to identify whether you are receiving any personal data from 1) the EU or 2) regarding EU citizens.

Doing this audit will help you to identify whether any of your data is at risk. Whether any actions need to be taken by your business partners, clients or suppliers to ensure obligations are being met.

Ball and chain Brexit and GDPR

The GDPR compliance after Brexit

One of the most cost-effective ways to meet your obligation for GDPR compliance is through My Business Advantage. You can obtain high-quality GDPR- compliant documentation, which can be adapted to work across all facets of your business.

At £120 this is a fraction of what it generally costs to comply. It does not involve costly solicitor time to prepare documentation either – saving you £1,000s.

Plus you can claim an exclusive £30 discount to access the full suite of GDPR-compliant website documents. These include guidance notes for adapting them to your business and numerous other documents and templates to assist with compliance.

Just visit the GDPR benefit at and enter the code ‘practiceadvantage’.

< Back to My Business Advantage News