To help organisations prepare for the of the Brexit transition period at the end of 2020, the government has provided five key areas that all organisations will need to consider when the transition period is over. These are the areas where you will need to take action now, if your organisation:
- employs EU staff
- receives EU funding
- receives any personal data from the EU
- imports or exports goods with the EU
1. If your organisation employs EU staff
Research from CFG and IPPR indicates that up to 31,000 number of employees in the charity sector are EEA citizens, so it is important to ask your employees to check if they need to apply to the EU Settlement Scheme. EU, EEA or Swiss citizens can apply to the EU Settlement Scheme to continue living in the UK after 30 June 2021. The deadline for applying is 30 June 2021. While more than four million people have already applied under this scheme, for those who have not there is more guidance available on how to Apply to the EU Settlement Scheme (settled and pre-settled status).
2. If your organisation receives EU funding
There is still uncertainty about what will replace EU funding as part of the UK Shared prosperity Fund (UKSPF). CFG, alongside sector partners, is calling on the government to provide clarity and ensure that funding remains to at least the same levels as. We have also been clear that the replacement must be well designed to help with the ‘levelling up agenda’. You can read more about this in our Five-Point Plan.
A world-leading fund could begin to tackle the inequalities facing communities across the UK. However, it is still important to note that under the Withdrawal Agreement, the UK will continue to participate in programmes funded under the current 2014–2020 Multiannual Financial Framework until their closure. If this is of relevance to you please read this guidance.
3. If your organisation receives any personal data from the EU
The third area requiring action is how your organisation receives personal data from the EEA and EU. Your organisation must ensure it is able to lawfully receive data from 1 January. The Department for Digital, Culture, Media & Sports has now issued guidance and is recommending that organisations take the following actions:
- Check your organisation complies with the General Data Protection Regulation (GDPR).
- Understand your flows of personal data.
- If your organisation receives personal data from a business or organisation in the EEA, contact them to put in place Standard Contractual Clauses (SCCs) or other appropriate legal mechanisms for transfer to keep data flowing to the UK.
- Consult guidance published by the Information Commissioner’s Office.
The GDPR requires organisations to be accountable for the personal data they hold. Personal data is any information that can be used to identify a living person, including names, addresses and HR data such as payroll details.
The best preparation for data protection at the end of the transition period is to comply with the GDPR now. The UK remains committed to high data protection standards. GDPR will be retained in UK law after the end of the transition period alongside the Data Protection Act 2018.
3.2 Receiving personal data from the EEA
If a business or organisation in the EEA is sending your organisation personal data, then it will still need to comply with EU data protection laws. From 1 January 2021, your organisation may need to have SCCs in place with EEA counterparts in order to legally receive personal data from them.
The UK is working constructively with the EU to secure an agreement on data, known as ‘adequacy’, by the end of the transition period. This would allow for the free flow of personal data from the EEA to the UK without further action by organisations.
However, it is sensible for organisations to take steps to prepare for a situation where adequacy decisions are not in place by the end of the transition period so that their data transfers are not interrupted. This means taking action to put in place alternative legal mechanisms for transfers, such as SCCs with European counterparts.
3.3 Flows of personal data from the UK
There are currently no changes to the way your organisation sends personal data to the EEA (here is a link to the ICO guidance).
3.4 Personal data provisions in the Withdrawal Agreement
Members of the Group should be aware that Article 71 of the Withdrawal Agreement contains provisions that apply EU data protection law (in its end of the transition period state) to certain ‘legacy’ personal data if the UK has not been granted full adequacy decisions at the end of the transition period. ‘Legacy data’ includes personal data of individuals outside the UK processed in the UK prior to the end of the transition period, or subsequently on the basis of the Withdrawal Agreement. Since UK domestic domestic data protection law will be substantively the same as EU data protection law on January 1, this does not mean that you will need to treat this data differently in practice. However, you should ensure this data is appropriately labelled should you need to identify it.
More information can be found on the ICO’s website and here.
4. If your organisation imports or exports goods with the EU
While we strongly suspect that this will not apply to most charities in the UK, for the small percentage that it is relevant for, it is important to note that from 1 January 2021 the process for importing and exporting goods will change.
Find out what you need to do to continue to: For a more comprehensive overview visit the UK Transition page for guidance and updates.
If you import goods from the EU.
If you export goods from the EU.
For a more comprehensive overview, visit the UK Transition page.
FREE EVENT: OCS Brexit Guidance Webinar
To find out more about any of these and other issues, join us and the Office for Civil Society for our Brexit Guidance Webinar on Wednesday 2 December.
Book here now.
« Back to all blog posts