Personal data is any information that can be used to identify a living person, including names, delivery details, IP addresses, or HR data such as payroll details. Most organisations use personal data in their daily operations. If you receive personal data from the EU for business use, you may need to take action on data protection. Additionally, if you provide online services in the EU, you will have to ensure that you are compliant with relevant requirements in each EU country you operate in.
✓ Be prepared on data protection and data transfers.
If you’re a business or organisation that receives personal data from the EU/EEA, you may need to take action on data protection as we transition to our new relationship with the EU. Check how you can legally continue to receive personal data such as names, addresses or payroll details from organisations in the EU or EEA from 1 January 2021. You may need to update your contracts or take other steps. A UK company that receives customer information from an EU/EEA company, such as names and addresses of customers, suppliers or partners to provide goods or services, should check how they can legally keep receiving the data from 1 January 2021.
To understand more about the steps you need to take, visit: https://www.gov.uk/guidance/using-personal-data-after-brexit. A full list of EU and EEA countries is available at: https://www.gov.uk/eu-eea.
✓ Replace .eu top level domain names
If you hold a .eu domain, check if you need to replace it. From 1 January 2021, you’ll no longer be able to register or renew .eu domain names if your organisation, business or undertaking is established in the UK but not in the EU/European Economic Area (EEA), or if you live outside of the EU/EEA and are not an EU/EEA citizen. Find out more at: https://www.gov.uk/guidance/eu-domain-names-what-you-need-to-do-to-get-ready-for-brexit.
✓ If you provide online services to countries in the EEA, check if rules in those countries newly apply.
The eCommerce Directive currently allows UK-based online service providers to operate in any EEA country, while only following relevant rules in the country in which they are established. This framework will no longer apply to UK providers from 1 January 2021.
You should consider whether your services are currently in scope of the Directive, and if so, ensure that you are compliant with relevant requirements in each EEA country you operate in. Depending on the nature of your online services you may already comply with these requirements.
✓ Ensure compliance with Network and Information Systems Directive if operating in the EU/EEA
If your business is a UK-based Digital Service Provider to the EU/EEA, make sure you comply with the Network and Information Systems Regulations and the associated EU Directive from 1 January 2021. The Network and Information Systems Directive provides legal measures to boost the overall level of network and information system security in the EU. To comply, you must appoint a representative in one of the EU member states where you offer services.
Other useful links:
▪ ICO Website - Data protection at the end of the transition period: https://ico.org.uk/for-organisations/data-protection-at-the-end-of-the-transition-period/.
▪ Legal aspects of information society services: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32000L0031.