Because the GDPR is a European regulation, we can’t directly use it as law, so the UK have added to our own legislation in the form of the updated Data Protection Act 2018 (DPA). The DPA updates a 20-year-old law (definitely not our oldest but still very outdated) to include modern technology and other best practice processes for handling your data. The update to our domestic law also helps when it comes to implementing Brexit fully, meaning that there will be no retraction of the more onerous GDPR laws in favour of our own previous domestic law, so there won’t be any changes any time soon.
Firstly, in your contracts you need to be referencing the correct law, particularly in preparation for Brexit, but also as best practice. One way to ensure you are keeping your contracts in line with current law is to define statutes. We often add “a statute is a reference to that statute or provision as amended or re-enacted at the relevant time” within our standard definitions to ensure you are protected against changes, but where possible you should refer to the correct versions.
Secondly, the two laws aren’t the same! There are some subtle differences between the two, allowing certain business types to take additional liabilities with personal data. The DPA is also more comprehensive than the GDPR, adding further provisions surrounding processing that may not happen in other member states, or clarifying where the GDPR was only brief regarding the absolute minimum data protection standards.
Aside from the changes above, the GDPR is still fully in force and we recommend that you speak to an expert to help ensure your compliance if you have not done so already. Additionally, if your business uses EU member states’ personal data, you must comply with the GDPR in all respects when it comes to their data. This requirement will also continue after the completion of Brexit, despite any changes to the DPA. EU law requires our Data Protection laws to be at least ‘adequate’ as defined by Article 45 of the GDPR in order for smooth transactions to continue between us and member states.
We recommend speaking to an expert who will be able to go through your business processes with you, assess your level of risk and explain any changes you need to implement before you will be compliant. Look into the GDPR and what practices you need to start using in your business. We wrote a handy guide here https://www.bebconsultancy.co.uk/gdpr-made-simple-for-business-owners/ and would be happy to arrange a no-obligation call to discuss your needs.