Brexit scams and personal data

Personal data is any information that can be used to identify a living person, including names, delivery details, IP addresses, or HR data such as payroll details. Most organisations use personal data in their daily operations. We’ve covered some of the changes to the way personal data is shared from the EEA to the UK, as set out on the Government’s webpage, below. We’ve also looked at some potential scams you need to be aware of.

I’ve been receiving emails about Brexit, apparently from the government, asking for my personal details. Is this a scam?

There are several scam emails about Brexit which often pretend to be from the government asking for personal details.

The government is not sending any emails about Brexit in this way. If you receive an email asking you to click a link or asking for personal details, just delete it or ignore it. It’s almost certainly a scam.

Find out more about spotting a scam and how to avoid being scammed.

What about protection of personal data after Brexit?

There are no immediate changes to the UK’s data protection rules now the UK has left the European Union. This is because existing EU common rules would continue to apply in the UK during the implementation period which runs until 31 December 2020.

However, from 31 December 2020 after the implementation period, any changes would depend on new agreements as to what changes might occur around sending data to organisations based in the EU.

Further information can be found on the Information Commissioner’s Office Website.

Is the ICO’s GDPR guidance still relevant?

UK data protection law during the implementation period which is until 31 December 2020 will continue to be aligned with EU General Data Protection Regulations (GDPR), so you should continue to use the Information Commissioner’s Office’s (ICO) existing guidance.

There will be no immediate changes to the UK’s data protection regime because the UK government brought the GDPR and Law Enforcement Directive directly into UK law.

This means that there will be no immediate changes to UK data protection standards.

After the implementation period there could be changes to the way data is shared from the EU to the UK. Businesses and organisations can review whether they might be affected by this change by checking guidance available on the ICO website.

We currently have no guidance on how data will be transferred to the EU from the UK.

Did you find this guide helpful?