‘Does GDPR apply to me and my business?’ is a question often asked around the General Data Protection Regulation that’s coming into effect in May 2018. The UK’s decision to leave the EU has left many UK businesses wondering what, if any, relevance GDPR now has for them. Theresa May has revealed that she will trigger Article 50 on March 29 2017, meaning that formal negotiations on Brexit will begin, so understanding where you stand in regards to GDPR is crucial for you and your organisation to be compliant under EU law.
You can also download our free GDPR policy here.
GDPR applies to you and your business if:
- Your organisation has a presence in the UK
- You’re a UK business that processes EU citizens’ personal data or monitors their behaviour, or who has staff operating in the EU
Compliance with GDPR will be required irrespective of Brexit and the UK’s membership. These are the same conditions that any business operating in the EU must meet.
For UK businesses that do not process EU citizens’ data:
- The UK will probably be obliged to comply with GDPR, at least for a short period
- There will be a period of overlap when the UK’s EU membership is still intact and the enforcement of GDPR in the UK will have begun
It is also important to remember that for the free transfer of personal data to occur between the UK and EU Member States, the UK will need to adopt either GDPR or an equivalent data protection law to meet the EC’s adequacy requirement.
However, not every organisation who controls or processes personal data is subject to GDPR. Depending on the nature of an organisation, it may be exempt from the Regulation.
MetaComplaince eLearning
Our eLearning is unique, interactive and will enhance your understanding of the General Data Protection Regulation. Watch our trailer so you can see how GDPR can be simplified for businesses operating across Europe.