GDPR has been changed as part of the Brexit withdrawal agreement and has been renamed UK GDPR.
UK GDPR, which stands for the United Kingdom General Data Protection Regulation, came into force at the beginning of January 2021 and affects all businesses including the public sector and charities.
Unlike GDPR, UK GDPR applies to any data processing undertaken in the UK no matter where the client or customer is based in the world. This means you must extend data subjects’ rights and other legal obligations to everyone in the world, not just those located within the UK and EU.
If you are involved in any international personal data exchanges you should undertake a data proetection audit because the changes coincide with a breakdown during the last six months of the US Privacy Shield. So if you are sharing any personal data with another company in the US – whether a subsidiary, head office, or even a supplier like MailChimp – you must put in place appropriate transfer documentation or risk a heavy fine.
To learn more, we have arranged a UK GDPR webinar on Friday 26 February between 10.30am and 11.30am to explain the changes and what you need to do to remain compliant.