GDPR News » What US Companies Should Know About Brexit and the Data Protection Authority

Brexit And The GDPR: Does Your US Business Need Two Data Protection Representatives?

Since January 1, 2021, the UK is no longer a Member State of the European Union (EU) and is considered a third country to the EU. The UK now applies the “UK GDPR”, an almost identical version of the EU GDPR. The rights, principles and obligations mostly stay the same. US companies that were doing business with the EU before Brexit now have to look at the UK with a different lens. One of the main questions regarding GDPR post Brexit is the data protection representative. Do you have to appoint one? Do you maybe even have to appoint two?

It Depends On Where You Do Business

I do business with the EU/EEA only

• you don’t have an establishment in the EU/EEA
• you offer products or services to individuals who are in the EU or monitor the behaviour of individuals in the EU (such as tracking or profiling)

I do business with the UK only

• you don’t have an establishment in the UK
• you offer products or services to individuals who are in the UK or you monitor the behaviour of such individuals

I do business with both the UK and the EU/EEA

• you don’t have an establishment in the EU/EEA or in the UK
• you offer products or services to individuals who are in the EU/EEA and the UK or you monitor the behaviour of such individuals

Can you benefit from the exceptions?

• You have an establishment in the EU (regarding the EU representative obligation) or in the UK (regarding the UK representative obligation)
• You are a public authority; or
• You process personal data only occasionally and you don’t process sensitive personal data on a large and your processing activities are not likely to affect the rights and freedoms of individuals in the EU/ UK.

EDPO participated in the Belgian Economic Mission to the United States in Atlanta, New York and Boston (6 to 11 June):

After a successful economic mission in London last month, EDPO participated in the Belgian Economic Mission to the US last week. Another great opportunity to raise awareness on the GDPR ’s forgotten obligation to appoint a Data Protection Representative. We attended events in memorable locations in Atlanta, New York and Boston, including an insightful seminar on data governance which was held at Massachusetts Institute of Technology (MIT). New windows are opening for data and privacy. “What is my data going to do for me today”? will be the next big question to ask. The continuum between impersonal and personal data is blurring and privacy actors will need to reinvent their job every day. 

The sectors of life sciences, fintech, regtech, AI, and many more were also on the pedestal during the week. Our founder Jane Murphy was given the opportunity to tell EDPO’s story during the New York FEB Luncheon in the presence of Her Royal Highness Princess Astrid of Belgium, which included discussions on the future of transatlantic data transfers. We also discussed female entrepreneurship at two events in Atlanta and New York and met with fabulous leaders such as Dr Ilham Kadri (Solvay).

An intense week that will no doubt trigger more collaboration between Belgium and the USA in the years to come! 

Thank you hub.brussels and all organisers who made this mission a great success!