Never before has ”Big tech” been under as much scrutiny!
News broke last night of the US Federal Government attempting to leverage pressure on Facebook to be broken-up. Anti-competition was being stated as the reason for this most recent battle to split Facebook from its’ wares!
Further news from the FT this morning has reported the EU’s next big law the ”Digital Services Act”, which may force hi-tech to face ”policing the internet, or we’ll fine you!”, with 6% of their global turnover at stake.
UK transition from exiting the EU has nearly concluded (Brexit). At 23:00 on the 31st December, no matter what “deal or no deal” The UK will have transitioned! Currently, no adequacy decision exists (see our article on No deal, not adequate | Ascot London Consulting), so we are reliant upon measures mentioned in our previous articles, as the new UK derivative of GDPR UK-GDPR, will be one of the laws by which the UK govern data protection.
As we have found in most sectors (outside legal), the data protection portion of the UK transition is being drowned-out. What has come to the forefront of marketing is the mass of firms selling “EU representative” packages to the UK market.
“If you do not have any EEA offices, branches or other establishments, you should consider whether you are processing personal data of individuals in the EEA that relates to either: offering goods or services to individuals in the EEA or monitoring the behaviour of individuals in the EEA.”
Let’s debunk the fake news! Reports of all companies needing a Data Protection representative inside the EU are NOT TRUE!
EU Representative are not required, if:
- you have a branch, office or establishment within the EEA
- your organisation is a Public Authority
- or Processing is occasional or low risk
How you deal with EU citizen’s data changes from 23:00 on the 31st December 2020, if you sell services or provide goods to EU citizen’s or you monitor the behaviour of those same individuals.
So, let’s dig into some of the detail in the legalese!
“Public Authorities” do not require an EU representative under GDPR laws when the transition period ends on 31st December 2020.
So who are classified under “Public Authorities”?
A “public authority” is defined by UK data protection law, as either
(a) a public authority as defined by the Freedom of Information Act 2000,
(b) a Scottish public authority as defined by the Freedom of Information (Scotland) Act 2002 (asp 13), and
(c) an authority or body specified or described by the Secretary of State in regulations.
Need more help? Give us a call!