Data, Intellectual Property and Copyright law
NEW: Using personal data in your business or other organisation: Guidance has been issued on what action you need to take regarding data protection and data flows with the EU/EEA. For more information, click here.
NEW: Retaining protection in the UK for EU Intellectual Property rights: Guidance has been issued with information on retaining protection in the UK for EU Intellectual Property rights. For more information, click here.
UPDATED: Intellectual property after 1 January 2021: There have been changes to UK intellectual property law to ensure the UK’s departure from EU IP systems. For more information, click here.
UPDATED: Changes to copyright law from 1 January 2021: Guidance covering the impacts on UK right holders and users including businesses, cultural heritage institutions and consumers has been updated to reflect that the end of the transition period. For more information, click here.
Personal data is any information that can be used to identify a living person, including names, delivery details, IP addresses, or HR data such as payroll details. Most organisations use personal data in their daily operations. If you receive personal data from the EU for business use, you may need to take action on data protection. Additionally, if you provide online service in the EU, you will have to ensure that you are compliant with relevant requirements in each EU country you operate in.
✓ Be prepared on data protection and data transfers.
If you’re a business or organisation that receives personal data from the EU/EEA, you may need to take action on data protection as we transition to our new relationship with the EU. Check how you can legally continue to receive personal data such as names, addresses or payroll details from organisations in the EU or EEA from 1 January 2021. You may need to update your contracts or take other steps. A UK company that receives customer information from an EU/EEA company, such as names and addresses of customers, suppliers or partners to provide goods or services should check how they can legally keep receiving the data from 1 January 2021.
To understand more about the steps you need to take, visit: https://www.gov.uk/guidance/using-personal-data-after-brexit. A full list of EU and EEA countries is available at: https://www.gov.uk/eu-eea.
✓ Replace .eu top level domain names
If you hold a .eu domain, check if you need to replace it. From 1 January 2021, you’ll no longer be able to register or renew .eu domain names if your organisation, business or undertaking is established in the UK but not in the EU/European Economic Area (EEA), or if you live outside of the EU/EEA and are not an EU/EEA citizen. Find out more at: https://www.gov.uk/guidance/eu-domain-names-what-you-need-to-do-to-get-ready-for-brexit.
✓ If you provide online services to countries in the EEA, check if rules in those countries newly apply.
The eCommerce Directive currently allows UK based online service providers to operate in any EEA country, while only following relevant rules in the country in which they are established. This framework will no longer apply to UK providers from 1 January 2021.
You should consider whether your services are currently in scope of the Directive, and if so, ensure that you are compliant with relevant requirements in each EEA country you operate in. Depending on the nature of your online services you may already comply with these requirements.
✓ Ensure compliance with Network and Information Systems Directive if operating in the EU/EEA
If your business is a UK based Digital Service Provider to the EU/EEA, make sure you comply with the Network and Information Systems Regulations and the associated EU Directive from 1st January 2021. The Network and Information Systems Directive provides legal measures to boost the overall level of network and information system security in the EU. To comply, you must appoint a representative in one of the EU member states where you offer services.
Other useful links:
▪ ICO Website - Data protection at the end of the transition period: https://ico.org.uk/for-organisations/data-protection-at-the-end-of-the-transition-period/.
▪ Legal aspects of information society services: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32000L0031.