The document discusses the implications of Brexit on GDPR, highlighting the transition to UK GDPR, which affects data processing regulations as of January 1, 2021. Key dates are provided regarding 'adequacy' status and changes to the definition of 'child' under GDPR. It outlines necessary actions for compliance, including updating privacy policies and assessing data handling procedures, especially for businesses dealing with EU data.

1. GDPR IN THE
POST BREXIT
LANDSCAPE
KEITH BUDDEN
BRIGHTON
SEO 2021
#BRIGHTONSEO

2. CONTENT
WHAT HAS CHANGED?
WHEN DID IT CHANGE?
BUT DON’TWE HAVE A DEAL?
DATESTO PREPARE FOR
KEY QUESTIONSYOU NEED
TO ASK
IS IT REALLY GOINGTO BE
ENFORCED?
SO WHAT DO I NEEDTO DO?
CAN I DO IT MYSELF?
CONTACT ME
#BRIGHTONSEO

3. WHAT HAS
CHANGED?
GDPR INTHE POST BREXIT LANDSCAPE
MODULE 1
#BRIGHTONSEO

4. WHAT HAS
CHANGED?
• GDPR becomes UK GDPR (based on DPA 2018)
• UK GDPR is ‘adequate’ for four months as agreed in
EU/UK trade agreement (and could then be extended
by another two months providing neither side objects)
• UK becomes a ‘third country’ for GDPR purposes

5. WHAT HAS
CHANGED?
• GDPR becomes UK GDPR (based on DPA 2018)
• UK GDPR ‘adequate’ for four months (and possibly two months after
that if no permanent adequacy agreement reached and both sides
agree).
• UK becomes a ‘third country’ for GDPR purposes
• When the transition period ended on 31st December 2020, the
Data Protection, Privacy and Electronic Communications
(Amendment etc) (EU Exit) Regulations 2019 (2019 Regulations),
made 28 February 2019, will implement EU GDPR standards in
the UK from exit day.The 2019 Regulations consolidate and
amend the EU GDPR and UK Data Protection Act 2018 (which
supplements the GDPR in UK law) to create a new UK GDPR.As
with the EU GDPR, the UK GDPR will have extra-territorial
reach.

6. WHAT HAS
CHANGED?
• The UK GDPR will apply to the processing of personal data
if:
• You are located in the UK.
• You offer goods and services to, or monitor the behaviour
of, individuals in the UK.
• Your data processing remains in the UK
• The data was collected after 11pm on 31st December 2020

7. WHAT HAS
CHANGED?
• The EU GDPR may also continue to apply to you if:
• You have branches or offices in the EEA.
• You offer goods and services to, or monitor the behaviour
of, individuals in the EEA.
• Your data processing involves EEA processors
• The data was collected before 11pm on 31st December 2020

8. WHAT HAS
CHANGED?
• From September, definition of ‘child’ under GDPR is changing
• Currently under UK GDPR, child means anyone 13 or under,
from September 2021 this becomes anyone under 18.

9. WHEN DID IT
CHANGE?
GDPR INTHE POST BREXIT LANDSCAPE
MODULE 2
#BRIGHTONSEO

10. WHEN DID IT
CHANGE?
• 11 pm GMT on 31st December 2020
#BRIGHTONSEO

11. BUT DON’T
WE HAVE A
DEAL?
GDPR INTHE POST BREXIT LANDSCAPE
MODULE 3
#BRIGHTONSEO

12. BUT DON’T WE
HAVE A DEAL?
• UK and EU have agreed a trade deal
• UK has given EU ‘adequacy’ status
• Current ‘transition’ period for GDPR until July 2021
• On 19th February 2021, European Commission issued
its draft UK Data Adequacy Judgement
#BRIGHTONSEO

13. BUT DON’T WE
HAVE A DEAL?
• So what’s left to be done ?
• EDPB reviews draft UK Data Adequacy Judgement
• All EU countries agree on and ratify adequate status
• EU Commission adopts UK Data Adequacy Judgement
• Data sharing agreement does not impose requirement
for additional steps for EU <-> UK data transfer
• Privacy campaigners do not start legal challenge against
the adequacy decision
#BRIGHTONSEO

14. DATES TO
PREPARE FOR
GDPR INTHE POST BREXIT LANDSCAPE
MODULE 4
#BRIGHTONSEO

15. DATES TO
PREPARE FOR
• 30th April 2021 –Temporary ‘adequacy’ ruling expires
(but will extend by a further two months if neither side
objects)
• 30th June 2021 – Temporary ‘adequacy’ ruling expires
• September 2021 – new rules for sites primarily aimed
at and/or accessible to children come into force.
#BRIGHTONSEO

16. KEY
QUESTIONS
YOU NEEDTO
ASK
GDPR INTHE POST BREXIT LANDSCAPE
MODULE 5
#BRIGHTONSEO

17. KEY
QUESTIONS
YOU NEEDTO
ASK?
• Establish if you have clients, employees or suppliers
within the EU ?
• Establish if any of your data is stored in the EU ?
• Establish if any of your data is processed in the EU ?
• Is any data you process originating from the EU?
• Is your product/app/service aimed at children?
• Is your website/app/service accessible to children?
#BRIGHTONSEO

18. IS IT REALLY
GOING TO BE
ENFORCED?
GDPR INTHE POST BREXIT LANDSCAPE
MODULE 6
#BRIGHTONSEO

19. IS IT REALLY
GOINGTO BE
ENFORCED?
• YES! – both ICO and EDPB have indicated it will be
enforced
• Draft tariff schedule gives penalty level guidance of circa
£5,000 for non-compliance
#BRIGHTONSEO

20. SO,WHAT DO
I NEEDTO
DO?
GDPR INTHE POST BREXIT LANDSCAPE
MODULE 7
#BRIGHTONSEO

21. SOWHAT DO I
NEEDTO DO?
• Update your privacy policy to reflect UK GDPR
• Establish if you have clients, employees or suppliers
within the EU
• Establish if any of your data is stored in the EU
• Establish if any of your data is processed in the EU
• Establish if your website is available for children
#BRIGHTONSEO

22. SOWHAT DO I
NEED TO DO? –
IFYOU HAVE EU
DATA OR
PROCESSING
• Establish an EU place of business or find an EU agent
• Register with an EU DPA/ICO
• Conduct a Data Privacy Impact Assessment (DPIA)
• Ensure any contracts with EU entities include required
legal clauses
• On an ongoing basis, establish whether your data
handling procedures are in line with EU standards
#BRIGHTONSEO

23. SOWHAT DO I
NEED TO DO? –
IFYOU HAVE EU
DATA OR
PROCESSING
• If your website is aimed/accessible to children then you
potentially need 3 new privacy policies –
• One for children 7 and under
• One for children between 8 and 13
• One for children over 13
#BRIGHTONSEO

24. CAN I DO IT
MYSELF?
GDPR INTHE POST BREXIT LANDSCAPE
MODULE 9
#BRIGHTONSEO

25. CAN I DO IT
MYSELF?
• Yes
#BRIGHTONSEO

26. CAN I DO IT
MYSELF?
#BRIGHTONSEO

27. CAN I DO IT
MYSELF?
#BRIGHTONSEO

28. ABOUT ME
GDPR INTHE POST BREXIT LANDSCAPE
MODULE 10
#BRIGHTONSEO

29. ABOUT ME
• Working in data security since 1997
• Working in GDPR since 2016
• Presenter and producer of the GDPRWeekly Show,
available on all major podcast platforms
• Presenter of the GDPR Surgery, 4pm UKTime every
Thursday on Clubhouse
#BRIGHTONSEO

30. HOW MUCH
WILL IT COST
TO WORK
WITH ME?
• For pricing details, please contact me but it will
probably be less than you expect!
#BRIGHTONSEO

31. BRIGHTON SEO
2021
SPECIAL OFFER
• New UK GDPR compliant privacy policy
• Our normal price £147 +VAT
• BRIGHTON SEO 2021 - £97 +VAT
• Order it today - £77 +VAT (if ordered before 12 PM
UK time)
#BRIGHTONSEO

32. CONTACT ME
• Email: keith@ensurety.co.uk or
helpdesk@gdprweeklyshow.com
• Telephone: +44 (0) 7858 138218
• To sign up or to download our checklist, please go to
https://www.gdprweeklyshow.com/brexit
#BRIGHTONSEO