• Gdpr
  • January 30, 2020

Newsflash – ICO issue statement on GDPR compliance after Brexit

By Lawbite Team

Talk to a Lawyer Free Legal Help
The ICO has published a statement on GDPR compliance after 31 January 2020 (the day that the UK leaves the European Union).   There are no big surprises in the ICO’s statement, as it is consistent with the ICO’s previous given indications and guidance. The message is clear – GDPR still applies – at least during the 11-month transition period.  

Remind me what GDPR is about?

In brief, the General Data Protection Regulations (GDPR) gives rights to individuals and their personal data.  This in turn means that organisations bear a regulatory burden and have obligations and responsibilities to make sure that personal data they hold is protected.   This includes providing clearer information to individuals about how and why they hold that data, informing the individuals of their own rights over their data, and that ensuring the organisation has adequate security for the protection of that data.  Organisations must also have in place and maintain a process on how to identify, assess and deal with any breaches of the security of that personal data.  

What has the ICO said?

The ICO’s statement can be found here. In summary, from 31 January 2020 until the end of the Brexit transition period, which runs until the end of December 2020, it will be business as usual for data protection. The ICO has also highlighted that it doesn’t yet know the situation after the transition period.  They will keep the position under review and will continue to publish guidance as the situation develops.

What does this mean for me?

Organisations and businesses still must comply with the terms of GDPR. Individuals continue to have rights including the right to control how their personal information is processed by organisations and businesses.  In short, the ICO has made it clear that it is business as usual – and that the GDPR will continue to apply. See below more information on how to comply.

Appointment of an EU Representative

At the moment this means that if your organisation processes personal information about individuals based in the EU, you do not need to take additional steps to appoint an EU representative (yet). This was discussed in our October 2019 blog post on post Brexit compliance.  If the UK and the EU can not reach an agreement about the status of the UK and GDPR for after the transition period, UK organisations may have to appoint a representative in a relevant EU member state, in order to continue for the organisations to continue to be GDPR compliant.  We will keep this situation under review and will update our Blog pages with news once things become clearer.

Penalties for non compliance

There may be significant fines and penalties for organisations who breach GDPR (depending on the nature of the incident). For more administrative breaches, fines may be up to almost £8m or 2% of a company’s global turnover (whichever is higher), with fines for more significant incidents up to £17m or 4% of global annual turnover.

Where can I find out more about compliance?

The ICO’s website site (ICO.gov.uk) has some excellent resources for businesses and organisations of all sizes, including a Hub aimed at SME (Small and Medium sized Enterprises).

LawBite also has many articles, blogs, guidance and packages that help guide businesses and organisations through the compliance maze. For more information about compliance with GDPR, please refer to LawBite’s Blog series on GDPR. Our lawyers provide expert legal advice to your business to ensure that your documents, including your websites and contacts are appropriate and robust. We also offer to review your terms and conditions and recommend updates and improvements to make them more effective and better suited to your business.

For more information, or for advice on the application of the GDPR to your organisation and what steps your business should take to comply with the regime, including drafting or amending your Privacy Notice or compliance documents, please get in touch with us at [email protected] or contact Rachel Robinson at LawBite. This note is a summary of the ICO’s position and GDPR and does not constitute legal advice.   The author of this Blog article, Rachel Robinson. Rachel Robinson has over 20 years’ experience of providing company commercial law advice, including drafting contracts, data protection and competition law to organisations of all sizes, ranging from FTSE100 companies to owner managed small business.

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By Lawbite Team
  • September 20, 2021
How to Gain Consent Under the GDPR

Even several years after the introduction of the General Data Protection Regulations (GDPR) in 2018, there is still a lack of understanding about h...

blog image
  • By Lawbite Team
  • September 15, 2021
How to Run a Data Subject Access Request (SAR)

Whether you are a small, medium, or large organisation, receiving a subject access request (SAR) or data subject access request (DSAR) and handling...

blog image
  • By Lawbite Team
  • September 15, 2021
What are the Privacy and Electronic Communications Regulations 2003?

In the era of digital communication and big data, it is more important than ever to protect the rights and privacy of customers, whether these are ...


LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan