How to protect data when trading internationally

Blogs 28 Oct 2022

Learn about how you can protect data and your business when trading internationally and the legislation you need to follow.


Whether you’re selling domestically or trading internationally, data protection is a key consideration for all businesses. Personal data usage in the UK is protected by law. The Data Protection Act 2018 along with the UK GDPR contains a set of principles that all organisations, including the public sector, have to adhere to in order to keep someone’s personal data accurate, safe, secure, and lawful.

After leaving the EU, the UK was granted data adequacy on 28 June 2021. This means that the EU recognises the UK data protection regulations as “essentially equivalent” to those of the EU. For UK businesses, data can continue to flow between the UK and the European Economic Area (EEA) as it did before the UK’s transition out of the European Union in the majority of cases.

What is personal data?

Personal data is generally information that relates to an identified or identifiable person, such as names, addresses and personal emails. Even if you cannot directly identify an individual purely from the data you hold, you still need to consider whether an individual may be identifiable if this data is put together with other information which may be held elsewhere. All personal data must be handled in accordance with the UK data protection rules.

Does GDPR still apply?

GDPR is an EU regulation that no longer applies to the UK, however, the provisions of GDPR have been incorporated into UK law as UK GDPR. If you trade in the EEA, you will still need to follow EU GDPR guidance and UK GDPR when trading.

As EU GDPR exists to protect the data of European citizens, you do not need to follow EU GDPR guidelines when trading with other countries outside of Europe but you should still ensure your data security and processes protect the personal details of your customers and that it complies with the UK data protection legislation and that it complies with the UK data protection legislation.  

Do these rules apply to me?

The international data transfer rules apply if you are a UK-based business or organisation that transfers personal data to other countries.

Where can I go for further guidance?

  • The ICO offers comprehensive guidance on all aspects of data protection both domestically and internationally. Find guidance, toolkits, and other resources on the ICO website.
  • FSB members can access the FSB Legal and Business Hub via their member dashboard which holds a wealth of guides and template documents about UK GDPR, data protection, and how to protect your small business.
  • FSB members and account holders can download our free Business Basics: Dealing with data guide to protect your business and customer data. Not a member? You can subscribe here and receive a free copy of our guide.

Trading internationally?

If you're just starting out with international trade or looking to expand into new markets, our international trade hub is home to resources and expert guidance to help your small business operate in global markets.

Visit the hub