Back in May 2018 GDPR suddenly because the acronym of the hour. But just in case you don’t already know what GDPR means, it stands for General Data Protection Regulation. This security law was introduced by the European Union, designed to give EU citizens more control over how their personal data is collected, used and stored online. 
Pre Brexit, if you held any data on your customers, including name, address, contact details and payment information, then you needed to comply with this data protection act and treat the information you hold accordingly. 
But what does this mean now that the UK is no longer part of the EU? 
Post Brexit GDPR 
Although the UK is no longer part of the European Union, companies based here will still need to comply with the rules set out in the GDPR. This is because the regulations have an extraterritorial effect, meaning non-EU countries are also affected by it, because the rules apply to any customers who are based in the EU. 
For example, even if you are a UK based business, selling mainly to UK customers, if you use web tools to track and analyse any visitors to your company website who are based in the EU, then you may still be subject to the GDPR rules. Because of this, our advice is that you should always strive to be GDPR compliant. 
However, even if you deal solely with UK customers, the changes made to the data regulations in order to achieve GDPR compliance still hold. This is because the rules set out in the EU GDRP have been incorporated into the UK’s Data Protection Act 2018. This means that the same mechanisms that regulate your customers’ private data remain in place and the fines for not complying also still apply. 
Adequacy status 
The UK is seeking to gain this formal adequacy status from the EU, and once this is in place then personal data can be sent from an EEA (European Economic Area) country state to the UK without needing any further safeguarding. ‘Adequacy’ status is the term used by the EU to describe other countries, territories, sectors and international organisations that it deems to an ‘essential equivalent’ level of data protection to that which already exists in the EU. 
There is a four to six-month bridge from the UK’s withdrawal from the European Union, whereby data can continue to flow between the EEA to the UK whilst this adequacy status agreement is being negotiated. 
Next steps 
If you haven’t done so already, these are the steps we suggest you take with your customers’ data now that Brexit has been agreed: 
- Continue to comply. Follow the ICO guidance around GRDP to ensure you’re still compliant. 
- Data flows into the EU. If you transfer any personal data from the UK into any other country (not just the EU), identify this data and continue to apply the rules set out in the Data Protection Act 2018
- Data flows into the UK. If you receive any data from an EEA country, make sure that you maintain the safeguards set out in the GDPR. 
- Documentation. Review your Data Protection policies to ensure they’re up to date and comply with the law. 
- Employees. If you have any employees, make sure they are aware of what’s going on. If you have a DPO (Data Protection Officer), they can continue to play the same role for the UK and Europe. 
If you store personal data on your customers, then it’s most likely that the Data Protection 2018 Act applies to you. Therefore, we advise that you familiarize yourself with the rules laid out by the General Data Protection Regulation and continue to observe them. 
You can contact us and we can help you through the required compliancy involved in Data Protection. 
Written by: 
Nicola J O'Sullivan -  
Effective Accounting 
Founder | Xero Champion | IR35 Expert 
Share this post:
"I couldn't recommend them highly enough and will continue to use them for Spiral Static and all future ventures!" 
Matt Badley | Spiral Static 
"I have found their help in modernising my accounts invaluable and would recommend them to anyone in a heartbeat." 
Matthew Finch | Trailer Aid Ltd 
"The whole team at effective accounting are exceptional."  
Jennifer Duthie | Skribbies Ltd 
"Nicola is one of the most adept and accessible accountants that I have ever had the pleasure of working with." 
Carter Stewart | Transworld Consulting Ltd 
"Choosing Effective Accountants has been one of the best decisions we made when we started our company."  
Matthias Geeroms | OTA Insight Ltd 
"Nicola and the team have proven to be extremely professional, efficient and always on hand to answer any questions I have (and I have a lot!)." 
Emily Hodges | EM Hodges Ltd 
"I find the service to be prompt, professional and friendly." 
Simon Weightman | Mercury TS Ltd 
"They are quick to respond and are always ahead of the curve for us. Keep it up and thank you." 
Freda McMahon | Lobster Noodle Ltd 
Our site uses cookies. For more information, see our cookie policy. Accept cookies and close
Reject cookies Manage settings