Continuing my theme of what Brexit has meant to ICS. If you missed part one you can catch that here.

An area that does concern me and has yet to be fully resolved is around GDPR. While we were a part of the European Union we were seen as inside the circle of trust and therefore able to transfer personal information across international borders within the EU and EEA. We had taken this for granted as I am sure many other of us have.

We were alerted to this being an issue by the Diocese in Europe who have the added complication of having an office in London and an office in Brussels. They realised that they were going to be regularly sending personal information across an international border to what is now classed as the third country, Britain post Brexit. They have been talking with their lawyers for some time, but as the agreements are not worked out fully at this time, it is very difficult to be sure what will be required.

If the UK is seen as adequate and added to the list of countries that are adequate, then things will be easier. If that does not happen then we will have to operate as a third country and take a number of steps to be able to pass data across the international borders. Whether our size and the fairly infrequent nature of what we do will have an impact is yet to be clarified but what this does mean for us is we are having to take legal advice and consider carefully how we operate in the future with regards to our transfer of personal information and making sure we remain GDPR compliant.

The good news here is that this is not an unforeseen problem, we had been alerted to it and we are thinking about it already. The challenge is how time-consuming it is to get up to speed and make sure that we operate in a way that is compliant and with integrity.