When GDPR came into force in 2018, it caused a flurry of activity within companies all around the world, all trying to work out what they could and couldn’t do with data they’d been collecting for years.
It seemed it was website owners that were most concerned, and people have got used to having to click buttons to say that they’re happy for sites to collect their data.
However, for some companies, especially outside the EU, it’s all a bit too much for them to be bothered with and so if they detect a user from Europe, they’ll simply stop them viewing the site.
That’s OK if you’re a small news station in Texas, but what if you have to deal with people in Europe? And what if you deal with people in the UK and still want to after Brexit?
The world is flat
The Internet has succeeded in democratising information and making it available to absolutely anybody who has a connection. So if you own a website that offers goods or services to people, you might need to consider where those users come from.
Also, if you’re in the business of dealing with people in the EU or Britain, then you’re going to have to abide by the rules of GDPR.
According to the ICO – the body in charge of overseeing data protection and enforcing GDPR in the UK:
“The UK government intends that after the transition period ends, the UK version of the GDPR will say that a controller or processor located outside the UK – but which must still comply with the UK GDPR – must appoint a UK representative.”
For those readers not up to date with the political goings-on in the UK, the “transition period” is where the UK is not part of the European Union anymore, but still abides by its rules until such time as a deal is worked out. If ever a deal does get worked out.
When the UK does eventually leave, most of the laws will simply be transferred across to UK law anyway.
However, in essence, even though we’ll have the same basic rules as the EU, we’ll be a “third country”, and therefore it’s up to the EU to decide whether we have an “adequate level of data protection.”
The UK government is currently seeking an adequacy decision from the EU.
If it comes to fruition, then data will be allowed to pass freely between the EU and the UK.
So what happens next?
Whatever the EU decides with regards the UK’s adequacy, if you’re a business that sells goods and services to people in the UK, or you monitor the behaviour of people in the UK, and you don’t have an office in the UK, you’ll need to appoint a representative.
This could be an individual or an agency working on your behalf, but you will need to give them written consent to work for you in matters relating to data protection.
Of course, if you’re dealing with people in the UK, you’ll likely be dealing with Europe, too, so it’s worth seeking out a representative that can help with both sides.
A good representative can smooth over the bumps
Given the new rules, Brexit and the general concern about people’s data and how it can be accessed, it might seem an impossible task to have to deal with the UK given the rules, but it need not be.
A good GDPR representative can make everything go smoothly, helping you to reach into markets that can boost your sales and profitability.
So, if you think you might want to offer your goods or services into the UK and want to do it easily, and with the minimum of fuss, contact us today.