New rules on data protection

The UK has left the EU

As of 1 January 2021, UK organisations that process personal information of EU residents need to:

  • Appoint an EU representative;
  • Identify a lead supervisory authority in the EU;
  • Update contracts governing EU–UK data transfers to incorporate standard contractual clauses; and/or
  • Update policies, procedures and documentation in light of these changes.

Failure to comply can result in fines of up to €10 million or 2% of annual global turnover – whichever is greater – and suspension of data processing activities.

If you're not ready, here's what you need to do

The transition period has now ended, and there are a number of changes to the way organisations need to deal with personal data.

You can use our checklist to track some of the headline issues and resolve them before you find yourself at odds with the law.

See what actions your organisation needs to take to ensure your data processing activities remain safe and GDPR-compliant.

Download now

Ensure your transition runs smoothly

IT Governance can help you easily transition your current policies and procedures in line with new legislation while minimising business disruption. Our data privacy experts will guide you step by step to ensure you remain compliant.

UK GDPR and DPA 2018 after Brexit Training Course

Delivered by an experienced data privacy consultant, this half-day training course will give you an overview of the key changes to the GDPR and DPA 2018 after Brexit.

Find out the practical implications of these changes and what they mean for your business.

Learn more

UK GDPR and DPA 2018 Data Protection Assessment

Assess your organisation’s data protection preparations following Brexit and identify any gaps with this two-day GDPR and DPA 2018 assessment.

Get a detailed review of your organisational processes and documentation.

Learn more

GDPR EU Representative Service

Appoint an EU representative to meet your obligations.

This fast, efficient and affordable service will enable you to meet your Article 27 obligations.

The EU Representative service is delivered by data privacy experts with vast GDPR compliance experience.

Learn more

EU-US Data Transfer Assessment and Action Plan 

Establish your level of compliance with the EU GDPR’s strict rules on international transfers, and receive a practical, step-by-step action plan to resolve any issues.

This service will help you remain compliant with the EU GDPR when transferring personal data outside of the EU following the Schrems II privacy ruling.

Learn more

Need more information?

I’m a UK organisation that would like some more advice

Speak to a data privacy expert

I’m an EU organisation, what do I need to know?

Find out more

I’m a US organisation, what do I need to know?

Find out more

Key resources

This website uses cookies. View our cookie policy
SAVE 10%