Appogee HR GDPR and Brexit

Appogee HR is committed to providing the controls needed to assist our clients to meet their obligations as a data controller under GDPR, and our own as a data processor. Our users can leverage Appogee HR services with confidence understanding the robust data protection capabilities built-in to our services. Our commitments to data protection can be found here: https://www.appogeehr.com/trust/gdpr/

Whilst the final outcome of the current Brexit process is still currently unknown we are monitoring the progress for both our UK and EU customers and will ensure that our technical and contractual measures maintain compliance with the appropriate legislation for all our clients. This FAQ consolidates information from our own plans and the UK Information Commissioners Office.

Where does Appogee HR hold customer data and backups. Will this change post-Brexit?

Appogee HR data is securely held in the EEA across Google Cloud data centers within Google’s EU West regions: Production data BELGIUM (europe-west1) and Backup data NETHERLANDS (europe-west4) : https://cloud.google.com/about/locations/?region=europe#region .

We do not hold data within the UK data centers. For UK customers holding data in the EU is covered in either deal or no-deal scenarios. For EU customers this means that data held in Appogee HR’s systems remain in the EEA and will not be transferred to the UK post-Brexit so provisions relating to third-country transfers will not apply. We have no plans to change our hosting locations.

What will the data protection law be if the UK leaves with a deal?

At the moment personal data flow is unrestricted because the UK is an EU member state. If the proposed EU withdrawal agreement is approved, the ICO advises that businesses can be assured that personal data will continue to flow until 2020 while a longer term solution can be put in place.

What will the data protection law be if the UK leaves without a deal?

The Data Protection Act 2018 (DPA 2018), which currently supplements and tailors the GDPR within the UK, will continue to apply for UK businesses. The provisions of the GDPR will be incorporated directly into UK law if we leave the EU without a deal, to sit alongside the DPA 2018. The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019) merges the GDPR and the applied GDPR into the “UK GDPR” and amends the DPA 2018 and other legislation with the aim of ensuring that the UK legal framework for data protection functions correctly after exit day. The core data protection principles, obligations and rights will remain the same, so at this stage the ICO has decided not to produce an entirely new range of guidance.

Appogee HR is committed to maintaining compliance with both the GDPR and the Data Protection Act 2018 (DPA 2018).

DISCLAIMER: This webpage summarises our position with respect to GDPR and actions you can take as you prepare for GDPR. You should also seek independent legal advice relating to your status and obligations under the GDPR, as only a lawyer can provide you with legal advice specifically tailored to your situation. Please bear in mind that nothing on this website is intended to provide you with, or should be used as a substitute for, legal advice. This webpage does not form part of the contractual agreement between you, your company and Appogee HR. For full information you should refer to our Data Processing Amendment.