Of course, the legal text matters. But that is not all about it. If your organisation is located in the UK and processes personal data of EU data subjects, you need – based on Article 27 GDPR – an EU representative GDPR. You also have to identify a lead supervisory authority in the EU and have to update any contracts governing EU/UK data transfers to incorporate standard contractual clauses. And to top it all off you also need to update your policies, procedures and other documentation in light of the these changes.
UK organisations have a 6 month space where nothing changes. The problem is that too many, far too many, organisation take that to mean do nothing instead of take this time to prepare for the time you need it in place!
Tash
Not a lot tbh. They used MS Word to do a find and replace for EU to UK. Seriously, all changes are available in the keeling schedule here: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/685632/2018-03-05_Keeling_Schedule.pdf
Henk van Leussen
Of course, the legal text matters. But that is not all about it. If your organisation is located in the UK and processes personal data of EU data subjects, you need – based on Article 27 GDPR – an EU representative GDPR. You also have to identify a lead supervisory authority in the EU and have to update any contracts governing EU/UK data transfers to incorporate standard contractual clauses. And to top it all off you also need to update your policies, procedures and other documentation in light of the these changes.
Chris Roberts
UK organisations have a 6 month space where nothing changes. The problem is that too many, far too many, organisation take that to mean do nothing instead of take this time to prepare for the time you need it in place!
Henk van Leussen
Waiting and waiting is a disease that many – including non-UK organisations – suffer from…
Dave_Wylie
This is a useful little resource : https://ukgdpr.fieldfisher.com/