Cyber Security Training & Software for Companies | MetaCompliance

MetaBlog
What impact will Brexit have on GDPR?

Following the UK’s departure from the EU, many organisations have been left wondering what impact Brexit will have on GDPR and what steps should be undertaken to comply with new laws and regulations.

When the GDPR came into effect on the 25 May 2018, it signalled the biggest shake-up of data privacy laws in 20 years. The legislation was designed to standardise data protection rules across the European Union and to recognise the rights of individuals with regard to the use of their personal data.

Organisations have spent a lot of time and effort over the last two years improving data protection processes and implementing new measures to comply with the landmark legislation.

This commitment to data protection has not been in vain as many of the measures undertaken will remain relevant and won’t change the way UK-based businesses process the data of subjects within this country.

However, now that the UK has formally left the EU, organisations will need to assess what changes need to be made to ensure compliance with the relevant data protection legislation.

To answer any questions that you might have, we’ve put together a brief guide outlining what the changes may mean for your business.

Brexit & GDPR – Everything you need to know

Will the GDPR still apply in the UK?

On 1 January 2021, the EU GDPR ceased to apply in the UK because it is an EU regulation. However, if your business operates inside the UK, you will still need to comply with UK data protection law: the UK government has incorporated the GDPR into UK law as the UK GDPR.

In practice, this means that very little has changed. There have been some amendments made to reflect the UK’s status outside of the EU, but essentially the core data protection principles, rights and obligations of the GDPR remain the same and have been enshrined in the UK GDPR.

Will the GDPR still apply if your business operates in the European Economic Area (EEA)?

Yes. If your business operates in Europe, offers goods or services to individuals in Europe, or you monitor the behaviour of individuals in Europe, then the EU GDPR will still apply. If your organisation has processing activities in both the EU and UK, you will need to comply with both the UK GDPR and the EU GDPR.

How does Brexit affect international data transfers?

As part of the new trade deal, the EU has agreed to delay transfer restrictions for a limited period of up to four months, which can be extended to six. This bridging mechanism will enable personal data to flow freely from the European Economic Area (EEA) to the UK until an adequacy decision is reached.

Since the UK has now left the EU, it is classed as a ‘third country’ under the EU GDPR. Third countries are states that fall outside of the EU GDPR zone. Data transfers from the EU to third countries are subject to restrictions unless the European Commission grants a status called ‘adequacy’.

The European Commission awards adequacy to countries if they are deemed to have an adequate level of data protection. Other countries that have been awarded adequacy status by the EU include Argentina, New Zealand, Israel and Japan. If the UK is granted adequacy, the free flow of personal data will continue without any new restrictions.

Will the EU be adequate for data transfers from the UK?

Yes. The UK government has confirmed that it will transitionally recognise the EU as adequate to allow for data flows from the UK without any additional transfer mechanisms.

Will your business need a European representative?

If your business offers goods or services to individuals in the EEA or you monitor the behaviour of individuals in the EEA, then you may need to appoint an EU representative. Similarly, if your business is not based in the UK but you process the personal data of UK citizens, you may need to appoint a UK representative under the UK GDPR.

What will the ICO’s role be?

The ICO will remain the independent supervisory body governing the UK’s data protection legislation. However, it will no longer be an EU supervisory authority so if you process the data of EU citizens, you will need to have a nominated EU representative. The ICO has clearly stated that if you handle EU citizens’ data, you will still need to comply with the GDPR.

Who will you notify in the event of a data breach?

In the event of a data breach, a UK-based company would contact the ICO. Following Brexit, the ICO will only investigate data protection-related incidents involving UK individuals. If the breach involves multiple nationalities, the ICO will launch an investigation and deal with the Supervisory Authorities in each of the affected territories. If EEA data subjects are involved, you will need to contact the relevant EU Supervisory Authorities directly.

Will other data protection regulations be affected?

DPA

The UK Data Protection Act 2018 (DPA 2018) will continue to apply, supplementing the UK GDPR.

PECR

The Privacy and Electronic Communications Regulations 2003 (PECR) provide rules for marketing, cookies and electronic communications. They are a UK-specific regulation derived from an EU law known as the ePrivacy Directive (there are ongoing plans to replace the ePrivacy Directive with the ePrivacy Regulation). PECR will therefore remain in place and is not affected by the UK’s departure from the EU.

NIS

The Directive on Security of Network and Information Systems (NIS) also derives from EU law but is set out in UK law. As such, the current rules will continue to apply. However, if you are a UK-based digital service provider offering services in the EU, you may need to appoint a representative in one of the EU member states in which you provide services.

eIDAS

The electronic Identification, Authentication and Trust Services regulation (eIDAS) is also an EU law and no longer applies in the UK. However, the UK government has said it will incorporate the eIDAS rules into UK law, so if you are a UK trust service provider, you will still need to comply with these rules. Additionally, if you provide services in the EU, you will also need to adhere to the eIDAS rules in EU member states.

FOIA

The Freedom of Information Act 2000 forms part of UK law and will continue to apply.

EIR

The Environmental Information Regulations are set out in UK law so will continue to apply unless repealed or amended.

What steps should businesses take post-Brexit?

Organisations will need to carry out a detailed data privacy review to assess if any changes need to be made. If your business is based in the UK and offers goods and services predominantly to UK customers, then you will need to do very little. However, if you provide goods and services to both the EU and the UK, then changes may need to be made. To ensure compliance with the relevant data protection legislation, your organisation should:

  1. Map data flows to ensure that your business can comply with both the UK GDPR and the EU GDPR.
  2. Update records of processing to meet EU GDPR and UK GDPR requirements.
  3. Assess whether there is an EU supervisory authority that will now qualify as a lead supervisory authority (LSA).
  4. Update security breach response plans to allow for possible notification to the ICO and EU LSA in the event of a breach.
  5. Consider whether your business needs to appoint a UK and/or EU representative.
  6. Update privacy notices to ensure they detail data flows and cover the relevant requirements of both the UK GDPR and the EU GDPR.
  7. Amend existing contracts and templates to include the appropriate referencing to both the UK GDPR and EU GDPR.
  8. Consider whether data protection impact assessments and legitimate interest assessments will need to be updated to comply with the UK GDPR.
  9. Ensure the appropriate safeguards are in place for cross-border data flows.
  10. Assess if you need to appoint a separate UK and EU Data Protection Officer.
