While the important matter of a global pandemic has dominated the news this year, there is another subject that has been keeping us busy at SARD as we head towards Christmas - the end of the Brexit transition period and the UK’s leaving of the EU at midnight on December 31st.
We have received several queries from our clients seeking reassurance that SARD will be unaffected by the withdrawal, as understandably there are some worries regarding the future of the transfer of data between the UK and the EEA.
I’m happy to say that here at SARD we do not anticipate any issues with data transfer, and it will be business as usual for both the access and the security of all data kept within the SARD systems, and indeed within our company. We are currently working though all our policies and procedures to make sure they are up to date with any changes, and have sought and received assurances from our supply chain that all the requisite contracts and clauses are in place.
Will the GDPR still apply?
The GDPR is an EU regulation, governing the data rights of EU citizens. However, there is already a UK equivalent, the UK GDPR, which sits alongside the UK Data Protection Act 2018, and which - barring some very minor differences - mirrors the EU GDPR as regards the data rights of individuals in the UK, and the obligations of data controllers and processors. To all intents and purposes, the GDPR principles still apply just as they have since the regulation came into effect, and we continue to ensure that SARD maintains compliance.
Does SARD transfer user data to and from the EU, and will you be able to continue to do so?
Like many providers we use top-tier third-party hosting provider Amazon AWS to store data, with servers based in Dublin, Ireland. The UK government places no restriction on the transfer of data to the European Economic Area (EEA). Currently, the EU Commission is deciding whether to grant ‘adequacy’ to the UK, which would mean the UK would be on a list of countries with unrestricted data sharing from the EEA. Pending this decision however, we are still able to rely on Standard Contractual Clauses for the transfer, under EU rules.
Please see here for more information on AWS’s approach to GDPR and Brexit: https://aws.amazon.com/compliance/gdpr-center/brexit/
Where can I find out more about data protection at the end of the transition period?
The Information Commissioner’s Office (ICO) provides lots of useful information: https://ico.org.uk/for-organisations/data-protection-at-the-end-of-the-transition-period/
As discussions in Brussels continue, we will continue to keep an eye on whether any changes affect us or our clients, and we hope that the 1st January 2021 not only brings a happier new year, but also a smooth transition after this rather bumpy journey. Whatever happens SARD will be ready for it!