The Info Commissioner’s Workplace has urged British companies to place in place various switch mechanisms to make sure the move of private knowledge from the EU to the UK regardless that the EU-UK commerce settlement has allowed private knowledge to move freely for an additional six months.
Earlier this month, the UK authorities launched a abstract of the commerce deal, dubbed the EU-UK Commerce and Cooperation Settlement, that it agreed to with the European Union as a part of the method of separation of the UK from the union.
Amongst different issues, the deal permits the free flow of personal data from the EU to the UK for now not than six months or till adequacy selections are adopted. It additionally permits the UK to trade private knowledge and data with Eurojust (European Union Company for Prison Justice Cooperation).
With a purpose to make sure the continuity of sturdy cooperation between the UK and different EU member states to discourage, stop, and to answer numerous crimes, the UK has additionally signed a new comprehensive security agreement with the EU that permits authorities to trade nationwide DNA, fingerprint and car registration knowledge by way of the Prüm system to help regulation enforcement companies in investigating crime and terrorism.
The settlement additionally permits the quick and efficient trade of felony data knowledge between UK regulation enforcement authorities and Europol and Eurojust in addition to continued transfers of Passenger Identify Report knowledge to guard the general public from severe crime and terrorism.
“I’m immensely happy with the great package deal of capabilities we’ve agreed with the EU. It means each side have efficient instruments to sort out severe crime and terrorism, defending the general public and bringing criminals to justice. However we may also seize this historic alternative to make the UK safer and safer by way of firmer and fairer border controls,” stated House Secretary Priti Patel.
Welcoming the free move of private knowledge from the EU to the UK, Info Commissioner, Elizabeth Denham stated that is the best possible outcome for UK organisations processing private knowledge from the EU.
“Because of this organisations will be assured within the free move of private knowledge from 1 January, with out having to make any modifications to their knowledge safety practices. We will probably be updating the ICO steerage on our web site to mirror the prolonged provisions and guarantee companies know what occurs subsequent. At this stage it’s excellent news for companies and public our bodies,” she added.
Nevertheless, contemplating that the free move of private knowledge will solely happen till adequacy selections are adopted, the Info Commissioner’s Workplace stated companies ought to work with EU and EEA organisations who switch private knowledge to them, to place in place various switch mechanisms, to safeguard in opposition to any interruption to the free move of EU to UK private knowledge.
In keeping with Darren Wray, CTO at knowledge privateness consultants Guardum, there are methods British companies that trade private knowledge with their EU counterparts can put together for the day adequacy selections are adopted, signaling the tip of the free move of private knowledge between the 2 areas. These are:
1. Perceive your knowledge flows
Just remember to know what private knowledge you might be sending, to who, and what nation they’re based mostly in. This must be one thing that each one organisations have understanding of as a part of their GDPR compliance, however issues change, so now is an efficient time to ensure that all the things is updated.
Remember to incorporate the businesses who host your company knowledge, together with companies resembling Workplace 365 that present knowledge storage and the processing of e mail.
2. Perceive your shopper and vendor agreements
Checking by way of your shopper and vendor agreements in order that they are often amended forward of time is one thing that each organisation should be doing proper now. Until companies have paid consideration to this specific space prior to now then there’s more likely to be a minimum of some work to be performed.
3. Make sure the safety of your unstructured knowledge
One of many issues which are going to vary is that, whereas earlier than an organization based mostly within the EU might encrypt a doc and ship it to its UK companion for processing, in future, they’re more likely to must redact or take away the non-public info in any paperwork. So earlier than they’re despatched forwards and backwards, they need to use automated redaction software program to reduce the dangers and the workload of this course of.