GDPR compliance for the UK after Brexit?
For the first 4 to 6 months of 2021, the flow of data between the EU and the UK will remain the same. It all depends on the adequacy decision that the EU will make about the data flow.
What does Adequacy mean?
‘Adequacy’ is a term that the EU uses to describe other countries, territories, sectors, or international organizations that it deems to provide an essentially equivalent level of data protection to that which exists within the EU.
The UK is seeking adequacy decisions under both the General Data Protection Regulation (GDPR) and the Law Enforcement Directive (LED). The effect of an adequacy decision is that personal data can be sent from an EEA state to a third country without any further safeguard being necessary.
What can you do right now?
Since the UK GDPR is almost word for word completely identical to the EU’s GDPR:
it requires your website to obtain explicit consent from users before processing their personal data via cookies and third-party trackers
it requires you to safely store and document each valid consent
it requires your website to enable users to change their consent just as easily as they gave it
and it gives a set of rights to UK users, chief among them the right to delete and the right to have corrected already collected personal data
What you can do right now is change the name/wording of the already generated GDPR compliance page to UK GDPR compliance from Online Store > Pages > GDPR Compliance as shown here:
What does Adequacy mean?
‘Adequacy’ is a term that the EU uses to describe other countries, territories, sectors, or international organizations that it deems to provide an essentially equivalent level of data protection to that which exists within the EU.
The UK is seeking adequacy decisions under both the General Data Protection Regulation (GDPR) and the Law Enforcement Directive (LED). The effect of an adequacy decision is that personal data can be sent from an EEA state to a third country without any further safeguard being necessary.
What can you do right now?
Since the UK GDPR is almost word for word completely identical to the EU’s GDPR:
it requires your website to obtain explicit consent from users before processing their personal data via cookies and third-party trackers
it requires you to safely store and document each valid consent
it requires your website to enable users to change their consent just as easily as they gave it
and it gives a set of rights to UK users, chief among them the right to delete and the right to have corrected already collected personal data
What you can do right now is change the name/wording of the already generated GDPR compliance page to UK GDPR compliance from Online Store > Pages > GDPR Compliance as shown here:
Updated on: 09/02/2024
Thank you!