The UK retained full autonomy over its data protection rules from 1st January 2021. The General Data Protection Regulation (GDPR) has been retained in UK law and will continue to be read alongside the Data Protection Act 2018, but with some technical amendments to ensure it can function in UK law. All businesses responsible for using personal data, must continue to follow strict ‘data protection principles’ and ensure that all personal data information is: used fairly, lawfully and transparently.
The EU-UK Trade and Cooperation Agreement contains a bridging mechanism that allows the continued free flow of personal data from the EU/EEA to the UK after the transition period until adequacy decisions come into effect.
The Legislation provides a balance between individual rights and orgainisational necessity.
Our GDPR and Data Protection services have been designed to help our clients meet the new challenges created as a result of leaving the EU and ensure that they continue to be compliant with the GDPR. These services include:
• Data Protection legal reviews
• Data Protection legal impact assessments
• Data Protection and HR impact considerations
• Internal GDPR policy drafting and implementation
• External GDPR policy drafting and implementation
• Active consent assessments
• Data protection officer (“DPO”) services