Personal Data


    Data protection in the UK after Brexit 2020

    Here are the overall changes in the UK law after Brexit - The GDPR has been amended into the "UK-GDPR" (United Kingdom General Data Protection Regulation) taken effect on January 31, 2020. The Data Protection Act 2018 has been amended in conjunction with the new UK-GDPR. The GDPR (European) is applicable in the transition period from January 31, 2020 till December 31, 2020 (if further extension is not agreed upon between the UK and EU). The UK government is likely to consolidate the two laws (the UK-GDPR and Data Protection Act 2018) into the one data protection law at a later point. All the main principles, obligations and rights regarding personal data protection remain in force.

    What is UK-GDPR?

    The United Kingdom General Data Protection Regulation (UK-GDPR) is essentially the same law as the European GDPR, however, changed to accommodate domestic areas of law. It was drafted from the European GDPR and revised in accordance with the UK law. The core definitions and terms used are from the European GDPR, such as personal data, prior consent, personal data subject, controller and processor and their rights and obligations. The UK-GDPR expands and changes the European GDPR in such fields as: National security; Intelligence services; Immigration. These fields are not regulated by the European GDPR, since EU member states regulate national security issues at their own. Therefore, the UK-GDPR sets out exceptions for the regular protection of personal data, like issues of national security or immigration. It applies the same requirements for the collection and processing of personal data in regards to the intelligence services.

    Another great change in the UK-GDPR is that the Information Commissioner which is the leading data protection authority in the UK becomes the supervisor, regulator and enforcer of the UK GDPR. That means that instead of the European Data Protection Supervisor the Information Commissioner is the highest authority in the UK regarding personal data protection policy. Additionally, the Secretary of State has powers to make decisions in regards to the UK-GDPR. The UK-GDPR came into effect on January 31, 2020 and recognized all EU countries as being adequate in terms of personal data protection, along with recognizing all existing EU decisions in this field as adequate for the UK as well.And last but not least, a great difference is that the UK-GDPR lowered the age of valid consent to 13 years in the UK (in comparison with 16 years in the EU).

    How personal data are processed by Tranzbase?

    Tranzbase processes personal data only for specific purposes, personal data are not stored forlonger unless necessary. Tranzbase stores and processes personal data necessary for providing the services to the customer. Tranzbase processes personal data in one or more of the following cases:for concluding and executing the agreement; if requested by law; for pursuing legitimate interests;based on the consent of the personal data subject.

    Our personal data processing policy

    The Personal data processing policy establishes how Tranzbase processes and protects personal data of its customers, employees and personal data subjects. Additionally, more detailed information on how personal data are processed may be included in agreements with customers or other documents related to the services that may be found on the website.

    Who can access personal data?

    Tranzbase may transfer customers' personal data only in the following cases: - If personal data are required by a competent government authority; - If that is necessary for providing services to customers by data receivers authorized by Tranzbase, i.e., by companies processing personal data on behalf of Tranzbase.Tranzbase takes all the necessary measures in order to ensure that data receivers carry out processing of personal data in accordance with guidance from TRANZBASE, comply with certain security and confidentiality requirements, as well as other applicable legal requirements.

    Cases of non-compliance

    The "higher maximum amount" in regards to the penalties is:in case of an enterprise — 20 million Euros or 4% of the enterprise's total annual worldwide turnover in the preceding financial year, whichever is higher,or in any other case — 20 million Euros. The "standard maximum amount" is: - in case of an enterprise — 10 million Euros or 2% of the enterprise's total annual worldwide turnover in the preceding financial year, whichever is higher,or- in any other case — 10 million Euros. The maximum amount of a penalty is to be determined by applying the rate of exchange set by the Bank of England on the day on which the penalty notice is to given.

    If you have any inquiries regarding processing of personal data, send us an email to: