CIPP Payroll: need to know 2019-20

Data protection

Data Protection and Brexit - Is your organisation prepared? 29 January 2019

Businesses and charities need to continue to comply with data protection law after 29 March if the UK leaves the EU without a deal.

If your organisation shares personal data with organisations in the European Economic Area (EEA), you will need to take steps to ensure you continue to comply with data protection laws if the UK leaves the EU without a deal. For UK businesses that only share data within the UK, there will be no change.

Personal data refers to any information that can be used to identify a living individual, including a customer’s name, their physical or IP address, or HR functions such as staff working hours and payroll details.

The UK does not intend to impose additional requirements on transfers of personal data from the UK to the EEA; organisations will therefore be able to send personal data to organisations in the EEA as they do currently.

However, transfers of personal data from the EEA to the UK will become restricted once the UK has left the EU.

Therefore, if your organisation receives personal data from organisations in the EU, you should consider, with your EEA partners, what changes you may need to make to ensure that personal data can continue to flow after the exit date.

These changes will affect organisations both large and small. To help your organisation take the right action now, use the Information Commissioner’s Office’s (ICO) guidance and follow its 6-step checklist.

Further information

• 7 questions to get guidance relevant to your business when the UK leaves the EU
• ICO Guidance and resources for organisations after Brexit
• General Data Protection Regulation (GDPR) guidance

ICO Codes of Conduct 10 May 2019

Under the GDPR, trade associations and representative bodies may draw up codes of conduct that cover topics important to their members, such as fair and transparent processing, pseudonymisation or the exercise of people’s rights. Such codes are a great way of providing sector-specific guidance about data protection law and of helping members comply with the GDPR.

There is a real benefit to developing a code of conduct, as it can help to build public trust and confidence in your sector’s ability to comply with data protection laws.

The ICO submission process for Code of Conduct approval will open following the approval of European Data Protection Board guidelines (due Autumn 2019). In the meantime, however, the ICO is welcoming enquiries from representative organisations that are considering developing codes of conduct, and will offer support and guidance. You can contact the ICO by email at codesofconduct@ico.org.uk.

Why sign up to a code of conduct?

Adhering to a code of conduct shows that you:

• follow GDPR requirements for data protection that have been agreed as good practice within your sector; and

The Chartered Institute of Payroll Professionals

Payroll: need to know

cipp.org.uk
