UK charities and social businesses need to make sure they’re prepared for changes to data protection law after the Brexit transition period comes to an end on 31 December 2020.

It’s not just charities with offices or branches in the EU that need to get ready, charities that share personal data outside the UK and/or that offer services to people in the EU will also be affected.

In this, the first in the "Charities and Brexit – data protection compliance from 1 January 2021" series, senior associate Carla Whalen gives an overview of the new UK data protection law. 

Key points: 

  • Brexit transition period ends on 31 December 2020
  • From 1 January 2021:
    • UK GDPR will sit alongside other UK data protection laws (including DPA 2018 and PECR)
    • EU GDPR will continue to apply in remaining EU member states
  • Overseas controllers and processors must comply with UK GDPR if they offer goods or services to people in the UK or monitor the behaviour of people in the UK
  • UK controllers and processors must comply with EU GDPR if they have an ‘establishment’ in the EU, offer goods or services to people in the EU, or monitor the behaviour of people in the EU.

Not sure where to start? Our specialist charity data protection team offers data protection support tailored to your organisation for a fixed monthly fee (min. 12 months’ subscription). You can find more information here.