DCMS blog

Data Protection and Brexit – is your organisation prepared?

by Margot James, Minister for Digital and the Creative Industries

As we prepare to leave the EU, one of the key issues that we have been preparing for is data sharing. It’s something that affects businesses and consumers across the country. Although not always top of people’s minds, it’s something that’s vital to consider and plan for.

That’s why today, on Data Protection Day, I want to remind particularly small and medium-sized businesses about the importance of planning for our future data relationship with the EU and beyond.

Marking Data Protection Day

Data Protection Day is an international event where governments, national data protection bodies and businesses raise awareness about the rights to personal data protection and privacy.

Here in the UK we’ve already introduced robust new laws through the Data Protection Act 2018. We’ve given people more power and control over their data, such as the right to be forgotten, and also strengthened the powers of our data regulator the Information Commissioner’s Office (ICO).

The Information Commissioner Elizabeth Denham has already demonstrated that the ICO take these matters extremely seriously. For example, Facebook were fined the maximum amount possible of £500,000 for their part in the Cambridge Analytica scandal. However, if that incident had fallen under the new Act then the ICO would have the power to issue fines of up to £17 million or 4 per cent of the company’s annual turnover.

This demonstrates that data protection is taken seriously. And as we leave the EU we need businesses to take the issue seriously too.

Data protection and Brexit - is your organisation prepared?

That’s why the government has already made plans to secure a data adequacy decision from the EU. This will ensure UK and EU firms can carry on exchanging personal data like they do now. For example, an Italian travel agent that sells holidays in the UK sends the personal data of customers to hotels in the UK in order to fulfil bookings.

If a deal is agreed then these discussions will start with the aim of having an adequacy decision in place before the end of the transition period.

If, however, we leave with no deal, then we need SMEs to be as prepared as possible for that too. I understand that for businesses, both big and small, the current uncertainty around Brexit is deeply concerning; however, it is important that companies are ready for every eventuality.

Start preparing now

The ICO has already issued guidance to businesses and I would urge companies to take action now to review their own personal data exchanges with other countries.

We understand that this can be a daunting prospect for some, but there is help at hand. The ICO has support for businesses and there’s a range of information available on its website and on GOV.UK.

This includes the six steps businesses should take, as well as more detailed guidance and an interactive tool to support the completion of standard contractual clauses – one of the GDPR safeguards businesses can put in place to ensure that personal data can continue to be transferred from the EU to the UK.

So the message is clear. Make sure that your business is prepared for our exit from the EU and make sure you read the guidance available and take the necessary steps to ensure you avoid disruption to exchanges of personal data that your business relies on.