https://ico.org.uk/for-organisations/data-protection-at-the-end-of-the-transition-period/

The General Data Protection Regulation 2016/679 (GDPR) is a regulation in EU law on data protection and privacy across the European Union and the European Economic Area (EEA). It also covers issues regarding transfer of personal data to countries outside of outside the EU and EEA areas.

This has been UK law for years and although cumbersome at times, it has improved the safety of personal data generally.

Now the UK has left the EU, what happens?

The UK helped to draft the GDPR and is committed to maintaining at least the same levels of protection for its citizens.

The GDPR was converted into a piece of UK domestic law called UK-GDPR in early 2020 and came into effect when the UK left the EU in January 2021.

If you are a UK business or organisation that already complies with the GDPR and has no contacts or customers in the EEA, then there be nothing further you need to do currently.

If you are a UK business or organisation that receives personal data from contacts in the EEA, you need to take extra steps to ensure that the data can continue to flow.

If you are a UK business or organisation with an office, branch or other established presence in the EEA, or if you have customers in the EEA, you will need to comply with both UK and EU data protection regulations at the end of the transition period. You may need to designate a representative in the EEA.

For more detailed information go to https://ico.org.uk/for-organisations/data-protection-at-the-end-of-the-transition-period/

If you have any experiences with these scams do let me know, by email.