Home>Security>IT Security >ICO calls on UK businesses to “prepare to keep data flowing” at end of transition period
Home>Security Matters>Security Matters>ICO calls on UK businesses to “prepare to keep data flowing” at end of transition period

ICO calls on UK businesses to “prepare to keep data flowing” at end of transition period

07 January 2021

INFORMATION COMMISSIONER Elizabeth Denham is calling on the UK’s businesses to check whether they’re impacted by data protection law before the end of the UK’s transition period with the European Union (EU) on Thursday 31 December.

Businesses and organisations affected need to take steps to ensure that data can continue to flow from the EU lawfully from Friday 1 January 2021. The Information Commissioner’s Office (ICO) is urging businesses to visit its website (ico.org.uk/keepdataflowing) to view guidance and resources on the actions they may need to take if they use personal data.

Research indicates that sharing personal data is essential when it comes to running the majority of SMEs. Any businesses receiving data from organisations in the EU or the European Economic Area must take action to ensure the flow of data doesn’t stop.

Personal data is classed as anything that relates to an identifiable individual and can relate to information about both customers and staff. HR records, customer details, payroll information and information collected through cloud services are all forms of personal data and could be affected.

The ICO recognises that smaller organisations may not have dedicated data protection specialists to help with the preparations. The organisation has therefore created specific guidance and resources to support SMEs to keep data flowing at the end of the transition.

Businesses are advised to continue complying with the Data Protection Act 2018 and General Data Protection Regulation (GDPR) and to prepare by understanding from where the personal data they use actually comes from.

Standard Contractual Clauses

For most businesses and organisations, Standard Contractual Clauses (SCCs) are the best way to keep data flowing on EU-approved terms. The ICO website hosts an SCC Interactive Guidance tool to assist SMEs.

Businesses should also review their privacy information and any documentation to identify changes that need to be made at the end of the transition period.

As part of the negotiations, the EU is yet to make a decision as to whether it accepts that the UK’s data protection regime is still adequate. An adequacy decision is still possible, but the timing is unclear.

Elizabeth Denham commented: “We appreciate there’s a lot of pressure on SMEs right now, especially so given the impact of the pandemic. However, sharing personal data is essential to the running of many businesses and it’s vital that they take action now to ensure that data can continue to flow. As we don’t know what the outcome will be from the EU, there’s an even bigger need for businesses to prepare now.”

Denham concluded: “The ICO appreciates data protection can seem daunting to SMEs, which is why we’ve created a specific suite of products to help small businesses prepare. I encourage people to visit the ICO’s website and understand what steps they need to take and to keep up-to-date.”