How does Zoho comply with the UK Data Protection Laws post-Brexit?

The Brexit transition period has ended on 31st December 2020 and the EU General Data Protection Regulation (GDPR) does not apply in the United Kingdom anymore.

With this, all the organizations that process personal data of individuals in the United Kingdom have to comply with the UK data protection laws. The UK has decided to retain GDPR in its domestic law. However, there are a few additional obligations that organizations like Zoho had to fulfil in order to be fully compliant.

1. What are the additional obligations and what has Zoho done about it? 

  • Registration with the ICO: As the GDPR does not apply directly in the UK anymore, organizations that process personal data of individuals in the UK have to pay an annual data protection fee, which requires registration with the Information Commissioner’s Office (ICO). Zoho has registered with the ICO and has paid the required data protection fee.
  • Appointment of local representative in the UK: As a Dutch company, Zoho Corporation B.V. is required to appoint a local representative in the UK. Zoho has appointed a local representative who can be contacted by email at representative.uk@zohocorp.com.
  • Privacy Policy for UK data subjects/customers: Zoho has published a separate Privacy Policy for its customers and data subjects from the UK. Our UK Privacy Policy is an adaption of our General Privacy Policy with minor changes necessary to comply with the UK data protection regime.
  • Registration of DPO with the ICO: We have registered our global Data Protection Officer with the ICO. If you have any questions or concerns about our privacy practices with respect to processing of your personal data, you can reach out to our DPO by sending an email to dpo@zohocorp.com.

2. Information processed by Zoho as a cloud service provider:

If you are a controller using Zoho services to process personal data of individuals in the UK, Zoho will be your processor. And, if you are a processor using Zoho services to process personal data of individuals in the UK, Zoho will be your sub-processor. Zoho will assist you to comply with the UK data protection laws by implementing appropriate technical and organizational measures. You can also execute a data processing addendum (DPA) with us, which can be initiated by completing this form.

If you have further questions about Zoho’s privacy practices and compliance with the UK data protection laws, you can reach out to our Privacy Team by sending an email to privacy@zohocorp.com.

Related Posts