Whether you’re selling domestically or trading internationally, data protection is a key consideration for all businesses. Personal data usage in the UK is protected by law. The Data Protection Act 2018 along with the UK GDPR contain a set of principles that all organisations, including the public sector, have to adhere to in order to keep someone’s personal data accurate, safe, secure and lawful.
After leaving the EU, the UK was granted data adequacy on 28 June 2021. This means that the EU recognises the UK data protection regulations as “essentially equivalent” to those of the EU. For UK businesses, data can continue to flow between the UK and the European Economic Area (EEA) as it did before the UK’s transition out of the European Union in the majority of cases.
What is personal data?
Personal data is generally information that relates to an identified or identifiable person, such as names, addresses and personal emails. Even if you cannot directly identify an individual purely from the data you hold, you still need to consider whether an individual may be identifiable if this data is put together with other information which may be held elsewhere. All personal data must be handled in accordance with the UK data protection rules.
Does GDPR still apply?
GDPR is an EU regulation which no longer applies to the UK, however, the provisions of GDPR have been incorporated into UK law as the UK GDPR. If you trade in the EEA, you will still need to follow EU GDPR guidance and UK GDPR when trading.
As EU GDPR exists to protect the data of European citizens, you do not need to follow EU GDPR guidelines when trading with other countries outside of Europe but you should still ensure your data security and processes protect the personal details of your customers and that it complies with the UK data protection legislation and that it complies with the UK data protection legislation.
Do these rules apply to me?
The international data transfer rules applies if you are a UK based business or organisation who transfer personal data to other countries.
Where can I go for further guidance?
- The ICO offer comprehensive guidance on all aspects of data protection both domestically and internationally. Find guidance, toolkits and other resources on the ICO website.
- FSB members can access the FSB legal hub via their member dashboard which holds a wealth of guides and template documents about UK GDPR, data protection and how to protect your small business.
- FSB members and account holders can download our free Business Basics: Dealing with data guide to protect your business and customer data. Not a member? You can subscribe here and receive a free copy of our guide.
- FSB members can access data protection prosecution cover including legal representation for defending legal proceedings in cases of data protection issues.