New Year, No EU: What happens to the GDPR in the UK now?
At the stroke of midnight, 31st December 2020 the UK’s transition period ended and the country fully left the EU and all of its rules and regulations behind. However, despite leaving the European Union, it’s not the end of the GDPR. Employers and employees alike are still responsible for data security and must understand the roles they continue to play.
There are currently over 40 trillion gigabytes of data in existence throughout the world right now. As much as 90% of that data was created in just the last two years – and that number is going to keep rising. The GDPR was created as a means for giving control back to individuals over their share of that ever increasing mountain of data, allowing them to see who has access to it, what they’re using it for, why they need it, and to exercise their rights to move, alter, restrict, and delete any data which belongs to them.
In 2016, the UK voted to leave the EU in a national referendum and since then the country has been in the slow process of untangling itself from a complicated web of laws and regulations. The GDPR is one such Regulation. Over four years since the referendum, and two years after the GDPR was enacted into law, the UK finally left the EU and its laws behind when the transition period came to an end on 1st December 2021.
So, what does that mean for data protection in the UK?
Were all the efforts to comply with the EU Regulation made in vain? In short, no – and for two reasons. Firstly, any organisation which processes the data of EU citizens still needs to comply with the EU’s GDPR, there may be one or two differences now that the UK isn’t part of the same union, but broadly speaking they’ll still be bound by the same conditions as they were before.
Secondly, the EU is the UK’s biggest trading partner and, going forward, it wants to continue being able to trade, both goods and data, as easily as possible. This means that the UK’s data protection laws need to be comparable to the EU’s. So, to make that a reality, the UK government took the EU Regulation in its entirety, made a few adjustments to make it more relevant to the UK and then made it law. Since 1st January 2021, the UK GDPR has been the sole data protection law defending the rights of UK citizens.
So, far from Britain’s exit from the EU meaning that organisations can roll back the many changes they made to comply with the Regulation, it means that maintaining those changes and continuing the effort to remain vigilant to data protection issues; upholding individual rights; and being transparent, fair, lawful, accurate, considerate, responsible, and accountable for their actions is more important than it ever has been.
A major requirement of the GDPR is that staff at all levels of an organisation are properly trained to understand the GDPR, the importance of data security, and what they need to do to keep data safe. iHASCO, a market leading provider of eLearning, has just launched two new courses to ensure that everybody receives the training they need.
“GDPR often instils fear and panic amongst employers and employees, as protecting data is a serious issue” says James Kelly, Script Writer and GDPR Expert at iHASCO. “With the UK’s departure from the EU, the GDPR in Education and Advanced courses (UK Versions) go a long way towards ensuring educational establishments understand their existing GDPR responsibilities with confidence.
GDPR (UK) in Education Training is a course for those working in the education sector (including universities, schools and nurseries) and will help users gain a full understanding of the Regulation, its importance, and how it applies to their role. Working in education means that you’re likely to handle extra sensitive data, which is given special protection under the GDPR. For example, teaching staff not only handle the register of student names, they also have health and behavioural data, grades, reports and many other pieces of highly sensitive Special Category personal Data – as such, they need to understand how to keep that data safe, and why it’s so important to do so. By the end of the course, users will feel confident in carrying out their role safely and effectively and feel empowered to make a genuine difference in their workplace.
GDPR Advanced (UK Version) is for anyone responsible for creating, maintaining, managing, or overseeing data protection and/or data handling within their organisation. It is comprehensive, covering every possible aspect of the GDPR, providing users with an in-depth understanding of the Regulation and its implications; providing interactive scenario-based questions so that users can apply their newly acquired knowledge to real-life examples; and it provides additional materials which, along with the lessons they learn, will make a valuable difference to how they perform their role at work.
Responses