What does UK GDPR look like after Brexit?, image of personal files in a drawer | Crunch
Picture of crunch software on mobile

Professional Bio Templates & Examples

Create a compelling professional narrative for a proper, attention-grabbing introduction.
Website bios
Speaker intros
Professional Profile

GDPR stands for ‘General Data Protection Regulation’.  It came into force on May 25th 2018 for all European Union members, and with the risk of large fines, GDPR is a term that all businesses, large or small should be aware of.

With the UK now outside of the EU, however, the application of GDPR has gotten a little murkier: does it still apply in the UK, and if so, what are the rules? Our friends at Lawbite have pulled together the facts and information that you need to know to ensure you don’t fall foul of the rules.

What is UK GDPR?

UK GDPR is the retained version of the EU General Data Protection Regulation 2016. Alongside UK GDPR there is the Data Protection Act 2018 and Privacy and Electronic Communications Regulations 2003 (“PECR”) that are applicable to UK-based businesses that process personal data.

What is Personal Data?

Personal data is any information identifying a data subject (individual in personal or business capacity) directly or indirectly including name, email address, postal address, user ID, IP address and others. If your business has customers, suppliers, business contacts, employees or freelancers and uses their contact and other personal details in the course of its business it will be subject to the UK GDPR rules.

What are the penalties for non-compliance?

The penalties are very high up to £17.5 million or 4% of the business' total annual worldwide turnover in the preceding financial year.

What is the Information Commissioner’s Office (“ICO”)?

The ICO is the UK’s independent authority that is responsible for upholding information rights. It is a requirement that every organisation that processes personal data as a data controller, unless it is exempt, to register with the ICO and pay a fee. The fee is currently between £40 and £60 for most organisations annually but can be up to £2,900.

Data Controller or Data Processor?

Most businesses act as both. You are likely to be a data controller in situations where your business decides how and what personal data to collect, store and dispose of and this is normally in relation to such data subject categories as users, customers, employees, contractors, freelancers, suppliers and business contacts.

Your business will likely act as a data processor where there is exposure to personal data shared with your business by customers or users in relation to their employees, clients, contractors and other parties and where your customers or users make decisions about the personal data with your business only using the data as far as it needs to in order to provide its goods or services.

What is necessary for compliance?

UK GDPR can be a documents heavy area depending on the complexity of your business and how personal data is processed. Some “one-man band” companies may cover everything they need in a bespoke details privacy policy, cookie policy and terms and conditions. Whereas other businesses might likely need a number of documents, procedures and training sessions in order to show and record their compliance.

It would be usual for an organisation that is a data controller to have the following documents:

  • record of data processing activities (use flowcharts)
  • data protection policy
  • data retention policy
  • IT security policy
  • privacy policy for website/ app
  • terms and conditions for website/ business
  • cookie policy
  • privacy policy for employees
  • data protection impact assessment(s) where necessary
  • other potential documents, such as data breach policy, data subjects rights policy and others

Data Processors, often including contractors, freelancers, services providers and similar parties that have access to personal data during the course of the provision of their services need to have data processing agreements or language in place with their customers.

Most of the above-mentioned documents are internal with user-facing documents typically including website or app privacy policy, cookie policy, terms and conditions, consent language and marketing options.

Steps to demonstrate compliance include:

  • privacy governance structure 
  • policies, documents and procedures
  • implementation of technical and security measures
  • training
  • tests and audits to demonstrate compliance.

What are the lawful bases for processing?

The must be a lawful basis to lawfully process personal data for each of the data / subject category, including:

  • consent
  • contract or taking pre-contractual steps
  • legal obligation
  • vital interests
  • public task, or
  • legitimate interests.

What rights do individuals have in relation to their personal data?

The individuals’ rights include the following:

  • right to be informed about processing
  • right of access
  • right to rectification
  • right to erasure
  • right to restrict processing
  • rights to data portability
  • right to object
  • right in relation to automated decision making and profiling.

International Data Transfers

For transfers outside of the European Economic Area (EEA) and UK use safeguards, including:

  • transferring to countries that have adequacy decisions and are considered as having similar protection as countries within EEA
  • use Standard Contractual Clauses
  • when necessary for the performance of a contract
  • necessary to establish, exercise or defend legal claims.

If your company is not established in the UK and does not have a branch or a subsidiary in the UK you will need to appoint a UK data protection representative. The same applies to European countries.

Transfers of personal data to EU/EEA following Brexit

Adequacy decisions in relation to UK – in June 2021 the EU (European Union) approved adequacy decisions for the EU GDPR and the Law Enforcement Directive, both expected to last until 27th June 2025. This means personal data can continue to flow as it did before between UK and EU/EEA (European Economic Area).

EU has new Standard Contractual Clauses for international transfers as one of the options where additional safeguards are required for international personal data transfers but they have not yet been approved by UK ICO. UK ICO conducted consultations between August 2021 and October 2021 in relation to its draft International Data Transfer Agreement and its draft Addendum to EU Standard Contractual Clauses but there are no approved new versions as of 8 November 2021 and it is advised that the previous versions of the EU Standard Contractual Clauses are used in the meanwhile for international transfers that require additional safeguards as it is decided that Standard Contractual Clauses would be suitable (data transfers from UK to any countries outside of EEA that do not have adequacy decisions in relation to them).

What is Crunch doing to ensure my data is protected?

At Crunch, we take GDPR really seriously and we have a range of safeguards and initiatives to ensure we’re fully compliant with GDPR. Our privacy policy confirms that we manage data according to GDPR, so that’s a tick in the box for you if you’re a Crunch Client.

Need GDPR advice?

Our legal partner LawBite is here to help. They offer Crunch clients free legal consultations to help businesses identify exactly what they need to do for GDPR compliance. You can book your consultation via our Legal support webpage, or speak to your client managers.

Speak to an accounting expert

If you're unsure what level of support you need, our friendly team are on hand to help you pick the right package for you.
Self Assessment tax returns done for you, from just £200 £125+VAT
Take the stress out of Sole Trader Accounting, with our simple online software, so you can look after your accounts anytime, anywhere.
Share this post
Clive Rich
Barrister, Mediator, Arbitrator and Negotiator
Updated on
October 28, 2021

Knowledge Hubs

Take control of your accounts, today

Crunch’s effective software package includes being able to talk to an expert client manager and a Chartered Certified Accountant. You can count on Crunch to make you productive and profitable.

Save your seat! Live e-commerce webinar

Register and soak in the wisdom from top industry leader! June 27, 2024 1:30 PM
Dive into e-commerce basics
Expert industry insights
Practical tips and savvy tricks
Pro Tip
Work out the tax you owe in seconds

Discover your true take-home pay with our self-employed tax calculator – see exactly what you’ll keep after tax, National Insurance, and expenses.

Pro Tip
Want to know how much National Insurance you owe?

Find out exactly what you owe on your income in seconds with our free National Insurance calculator.

Pro Tip
Want to know how much mileage you can claim for?

Our free mileage allowance calculator can help you see in seconds what you could get back.

Pro Tip
Want to work out your income tax?

Find out what Income Tax and National Insurance you owe on your earnings with our free tax calculator.

Pro Tip
Want to work out what your Capital Gains Tax bill?

Our free Capital Gains Tax calculator shows what tax you owe on any property, stocks or gifts.

Pro Tip
Want to know how much dividend tax you owe?

Find out exactly what you owe on your investments in seconds with our free dividend tax calculator.

Pro Tip
Want to see what we're currently working on?

Our public roadmap shows what we're working on and what's coming next. You can even vote on what features we work on next!

Pro Tip
Your ultimate guide to stress-free taxes

Tackling taxes can be tough! Get our "Ultimate tax guide for the self-employed" now to make it easier.

Pro Tip
Claim your FREE ecommerce guide today

Curious how great accounting can boost your e-commerce business? Download our guide to discover 8 key ways!

Pro Tip
Unlock the secrets of Ltd company expenses

Don't miss out on potential tax savings - get access to our 'Limited Company Expense' guide today!

Pro Tip
Want to make sure you don't miss any tips?

Sign up to our newsletter for expert insights, tax news and other essential updates that will keep your business thriving. Subscribe now!

Pro Tip
Ready to save big on Ecommerce accounting?

Crush your current accounting and software fees by up to 60%. Put us to the test and watch your savings soar!

Pro Tip
Looking for a dedicated accountant?

Our Enterprise packages offer tailored support for you and your business. You can focus on your business, we'll crunch the numbers.

Pro Tip
Boost your business finances with our Ltd Company packages!

Award-winning software with support from expert accountants

Pro Tip
Take the stress out of Sole Trader Accounting

Real-time insights, expert support—stay on top of your finances with ease.

Pro Tip
Get £75 off your Self Assessment

Get your tax return sorted by experts for only £125+VAT!

Pro Tip
Using cloud-based accountancy software to manage your finances gives any small business a big advantage!

At Crunch we provide affordable cutting-edge, easy-to-use software with real human support from expert chartered accountants. That’s probably why 81% of our clients would recommend Crunch.

Pro Tip
Want access to real expert accountants?

All our accounting packages include free access to Chartered Certified Accountants, so you can make confident business decisions without worrying about extra costs racking up.

Pro Tip
Get £75 off your Tax Return!

Crunch’s Self Assessment service provides an expert accountant to complete, check, and file your Self Assessment for you for just £125 +VAT.

Pro Tip
Did you know - We have a free plan that is great for sole traders and limited companies?

Why not see for yourself? It’s simple and easy to use and 100% free.