Keep up to date

Our latest news and blog posts from the world of compliance

GDPR News

By Ian Clark

In May 2018 our data protection legislation changes, with the new European General Data Protection Regulation replacing the Data Protection Act. If you process any personal data it would be worth your while looking into these changes. Gillian has quite some understanding of Data Protection and the regulations. Contact us if you need to understand if and how you might need to change to become compliant.

There is also some useful info on the ICO (Information Commissioner's Office) website:

https://ico.org.uk/for-organisations/data-protection-reform/

A2O's Brexit Briefing

By Ian Clark

In the current political uncertainty, a few clients are wondering what it might mean for certificates and compliance.

Specifically:

  • GDPR/Data Protection considerations
  • ISO certificates
  • CE Marking

Here is our summary:

GDPR and Brexit (No Deal)

When the UK exits the EU, the EU GDPR will no longer be law in the UK. The UK government intends to write the GDPR into UK law, with the necessary changes to tailor its provisions for the UK (the “UK GDPR”). We have set out the key practical points and preparations for you to consider if the UK were to exit the EU without a deal on 29 March 2019.

This is particularly relevant if your company:

  • operates in the European Economic Area (EEA), which includes the EU;
  • sends personal data outside the UK; or
  • receives personal data from the EEA.

The ICO has issued 6 steps to take: see link below

Some considerations

  • The one-stop shop is no longer applicable in the case of breaches and investigations; you will deal with the UK ICO as well as other EU country supervisory agencies in this scenario.
  • Data transfers outside of the UK are fine as long as they are to the EU (EEA) or, if the country is outside the EEA, the EU has considered the country to have adequate arrangements for receipt of personal data (adequacy decisions).
  • Transfers to the US: If the UK exits the EU without the Withdrawal Agreement (‘No Deal’), UK businesses will continue to be able to transfer personal data to US organisations participating in the Privacy Shield provided those US organisations have updated their public commitment to comply with the Privacy Shield to expressly state that those commitments apply to transfers of personal data from the UK.
  • As yet there is no agreement over whether the UK is considered to be adequate for transferring personal data from the EU (EEA) to the UK. In the event that there is no deal you'll need to ensure safe transfer mechanisms; we advise that you set up Standard Contractual Clauses between you and those EEA countries sending you personal data.
  • Review your documentation (Article 30 records, privacy policies) to ensure any new transfer mechanisms are adequately documented. Look to see where you might be importing EU data and take action.
  • Please speak to us for any advice and assistance.
  • ICO 6 Steps for Brexit No Deal

ISO Certificates

It appears that no general ISO standards will be impacted by a No Deal Brexit. This is the opinion of certification bodies from whom we have received communications. For example, BSI states that ISO standards will be unaffected by Brexit. The BSI plays a crucial role in supporting the worldwide adoption of single standards. Internationally agreed standards are beneficial to all, as they simplify global trade and encourage innovation. The organisation's interest is to support the growth and development of UK business, but it can only achieve this through collaboration with European and international organisations.

CE Marking / MDR

Urgent Advice from CBs

BSI, as a notified body, has asked the Competent Authorities for the EC policy on migration and validity of CE certificates from a UK notified body (NB) post 29 March 2019, if Article 50 is enacted and applied on this date without an agreed transition deal.

  • The Competent Authorities advise that as of 30 March 2019, the UK will become a third country and the CE certificates will lose their validity.
  • However, very importantly, once CE certificates lose their validity post 29 March, they will not be able to be transferred or migrated to an EU NB.

This advice DOES NOT APPLY to CE marking just for UK access. For medical devices, for example, the MHRA will continue to recognise the CE mark for placing on UK market (immediate term at least), and recertification should not be required.

Our advice is that you review what Brexit might mean for your CE Mark or MDR, as each case will probably be different. Please do contact us at A2O offices and one of our CE Marking / MDR specialists can chat this through on a case-by-case basis.

And finally

New ISO standards – 45001 & 20252

We are starting work on transitioning BS OHSAS 18001 clients to ISO 45001. Most Certification Bodies (CBs) are transitioning over a period of visits, so there won’t be the last dash to the post that they had for ISO 14001 & 9001, which caused all sorts of resourcing issues for them! One of our consultants recently gained ISO 45001 Lead Auditor status, so we are in a position to help.

Market Research Clients: ISO 20252:2019 – the new Specification for Market Research is hot off the press. As with most standards you’ll have a couple of years before the 2012 version is no longer valid. Your consultant will be in touch soon to discuss transitioning for you!

If you have any questions please contact us:
Gillian Clark
0333 9874222
gillianclark@a2oconsultants.co.uk
