The Construction Leadership Council (CLC) has urged businesses to review their approach to data protection and GDPR ahead of the end of the Brexit transition period on 31 December.
The CLC’s Brexit Working Group has published a brief guide that suggests businesses should:
- review and update data inventories or ‘Records of Processing Activities’;
- consider relationships and agreements with third party who process data; and
- regularly review government guidance.
The guide offers a reminder that although the UK has left the EU and is in the transition period, UK businesses still need to comply with GDPR.
However, Mace group legal director Amy Chapman, who along with Tideway general counsel Celia Carlisle oversaw the production of the guide, warned: "Currently the data protection situation after the transition period is uncertain while we wait to see if the EU will agree that the UK’s current data protection rules are ‘adequate’.
"The CLC’s newly published guide seeks to highlight the main issues and suggest what businesses can do during the transition period to protect themselves in the event no adequacy agreement is reached by 31 December. It is a complex area."
In the absence of an adequacy decision and where there are transfers of personal data between the UK and the EU, the guide suggests that "organisations will need to put in place other safeguards for data transfers from the EU to the UK, with the most likely mechanism being Standard Contractual Clauses which can be built into contracts and data processing agreements".
Image: 111600914 © mixmagic | Dreamstime.com