Chapter 5 - Legal & regulatory issues (15 Qs) Flashcards

1
Q

What are the two main areas of regulatory responsibility for the FCA in respect of insurance broking firms?

A
  1. Authorization - called prudential regulation, which is to ensure the firms are financially sound
  2. Conduct of Business - treating customers fairly

FCA responsible for all aspects of insurance sales & advice

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Do insurance broking firms need to be authorised by the FCA if they intend to undertake regulated activity by way of business for remuneration?

A

Yes - they must. FCA calls it ‘insurance mediation’

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is meant by insurance mediation in the FCA’s view?

A

Any firm wishing to offer independent advice

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

In terms of insurance mediation, what are the 4 main categories identified by the FCA which are regulated?

A
  1. Arranging - purchasing insurance policies e..g introduction of a client to a broker or assisting in the completion of a prop form
  2. Advising - on purchases e.g. advising how a policy meets client’s needs and having an opinion on it
  3. Dealing - as an agent e.g. entering into a contract with a client on behalf of an insurer (DA)
  4. Assisting - admin and performance of the policies e.g. all client service
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the 6 steps to authorisation that insurance brokers need to follow?

A
  1. Decide scope of authorisation e.g. what activities will the firm undertake
  2. Understand the FCAs principles of business and how they apply
  3. Prepare a business plan that addresses FCA’s requirements
  4. Calculate minimum requirements for business to operate
  5. Decide whether processes, systems and controls within the firm meets FCAs requirements and are adequate to manage business
  6. Decide which people with be ‘authorised persons’ within the firm (responsible for key activities)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

When authorising firms, what does the FCA focus on

A

Business model (how it earns), Governance (management, directed & controlled), Culture (shared values & standards) and Systems & controls the firm intends to place over:
- Product governance - control it has over insurance products & services
- End-to-end sales processes - procedures it follows when selling
- Prevention of financial crime - identification and prevention of criminal activity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

When the FCA is assessing applicants understanding of how it ensures to treat customers fairly, what does it consider?

A
  • Corporate culture - how firm identifies, manages and reduces risk
  • Sales procedures
  • Product design - if customers needs are being targeted accordingly
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the FCAs approach to the suprervison of firms?

A

Risk-based -> directs resources to firms it believes pose the greatest risk to customers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the primary objective of the FCAs supervision?

A

Consumer protection & Treating customers fairly

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does a ‘high risk’ firm mean to the FCA?

A

Can be high risk of failure, but also could be referring to a firm that if failed, would have a large impact on customers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the main outcomes of the FCA’s ‘New Strategy’ in 2015?

A
  1. Classification - Changed from C1-4 (C1 being a bank and C4 being small intermediary) to ‘fixed portfolio’ (programme of supervision from FCA) to ‘flexible portfolio’ (event-driven supervision). Changes depending on risk identified so firms will move over time.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How are fixed portfolio firms and flexible portfolio firms supervised different?

A

Fixed portfolio - allocated named individual supervisor and continuously assessed
Flexible portfolio - supervised through combination of market-based thematic work and programmes of communication and education aligned with risks identified in the sector. These firms use FCA Customer Contract Centre for contract with FCA.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the 3 pillars the FCA’s supervision model is based on?

A
  1. Firm Systematic Framework (FSF) - assess firms conduct risks (are customer interests at heart) e.g. by assessing business model and strategy to ensure businesses are embedding fair treatment of customers.
  2. Event-driven work - supervisory activity in response to emerging issues or events.
  3. Issues & products - thematic work on sectors or products putting customers at risk
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How does the FCA monitor the position of firms who detail directly with clients (called retail firms)

A

Require them to report on certain activities by:
- Completing a Retail Mediation Activities Return (RMAR) -> onto a system called GABRIEL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is SM&CR & What are the key aims of it?

A

Senior Managers & Certification Regime = individuals who conducted controlled functions need to be approved by the FCA within an authorised firm. Applied in December 2019
Key aims:
- Encourage greater clarity of responsibility
- Improve corporate governance by demonstrating accountability for decisions
- Ensure responsibility is clear
- Identify who really runs the firm
- Give the FCA a framework to take enforcement action if issues occur
- Place responsibility for ‘authorising’ those who undertake significant harm functions on the firm rather than FCA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What do the following key features relate to?
= Focuses on senior individuals who hold key roles & responsibilities:
- Ensure each senior manager has a ‘statement of responsibilities’
- Introduce a ‘responsibilities map’
- ensure that all senior managers are pre-approved by the regulators before
carrying out their roles; and
- ensure those who hold a senior management function are assessed for
fitness and propriety at least annually

A

Senior managers regime

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What does the following describe:
= Applies to all ‘material risk takers’ & staff who pose harm to firm or customers
Firms identify the individuals and then:
- assess them as fit and proper;
- issue a certificate to each affected employee to this effect; and
- have procedures in place to re-assess the fitness and propriety of certified
staff on an annual basis including the requirement to issue an annual
certificate to confirm this.

A

Certification Regime - onus is on the firm to assess individuals are fit and proper for the role

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What does the following paragraph relate to?
These are high-level rules that apply directly to nearly all staff (apart from
ancillary staff, e.g. catering staff). Firms must ensure that staff who are subject
to the rules are aware of them and how they apply to their jobs.

A

Conduct Rules of the SM&CR regime

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Should firms fall short of the regulators expectations under the Financial Services Act 2012, what does the FCA have the power to do?

A

Can intervene, discipline and enforce, how:
- Withdraw firms authorisation
- Discipline individuals and firms
- Impose penalties
- Apply to the court for injunction ( stop certain actions)
- Prosecute

THE EMPHASIS IS ON PREVENTION RATHER THAN CURE - KEY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What are the legal impacts of the FCAs regulation on insurance brokers?

A
  1. Criminal offence to carry on regulated activities without authorization
  2. Regulated firms must establish that insurers, brokers or intermediaries are properly authorised or exempt
  3. Regulated firms supervised by the FCA must adhere to rules and principles
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

How many FCA principles of business are there? What are their purpose and what are they?

A

11 principles providing foundation for regulation. Guide for authorised firms to achieve strategic and operational objectives.
1. Integrity
2. Skill, care and diligence
3. Management and Control - organise affairs responsibly
4. Financial prudence - maintain adequate financial resources
5. Market conduct - observe standards of the market
6. Customers’ interests - treat fairly
7. Communications with clients - cannot mislead
8. Conflicts of interest - manage them fairly
9. Customers: relationships of trust - ensure suitable advice
10. Client’s assets - arrange adequate protection
11. Relations with regulators - open and cooperative.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is TCF?
How does it relate to the FCA PRIN?
What are 6 TCF outcomes?

A

= Treat customers fairly - initiated by the FSA (previous regulator) and is now fundamental aspect of regulatory compliance. All UNDER THE UMBRELLA OF PRIN NO. 6
Outcomes:
1. Consumers are confident dealing with firms who TCF
2. Products and services marketed and sold are designed to meet needs of consumers
3. Consumers are provided with clear information and kept informed through sales
4. Customers receive suitable advice
5. Consumers are provided with products which firms have led them to expect
6. Consumers do not face unreasonable post sale barriers.

TCF should be in the whole product life-cycle from first contact with potential client to ongoing service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What are the 6 stages of the product life-cycle? How does it relate to TCF?

A

Product design and governance -> identify target market -> marketing and promotion of product -> sales and advice processes -> after sales information -> complaints handling -> to the beginning

At all stages of the product life cycle customers should be treated fairly

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is the FCA’s consumer duty?
When did it come into force?
What are its implications?
Why has it been brought in?
What are the 3 distinct elements?

A

Brought into force july 2022, expected full implementation july 2024 and has implications for product development, marketing, sales, customer support and compliance.
FCA considered too many financial firms not adequately considering customers’ needs (e.g. misleading information and services not fit for purpose

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What are the 3 distinct elements of the FCA’s Consumer Duty?

A
  • The consumer principle - firms must deliver good outcomes for clients
  • Cross-cutting rules - rules spread across FCA Handbook to amplify consumer principle
  • Specific outcomes - More detailed set of rules and guidance of expectations of firms conduct
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

How does the FCA define a vulnerable customer?

A

“someone who, due to their personal circumstances, is especially susceptible to
harm, particularly when a firm is not acting with appropriate levels of care” e.g. poor health, poor literacy and numeracy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

How does the FCA expect firms to achieve good outcomes for vulnerable customers?

A
  • Understand the needs of the market/customer base
  • Ensure staff have right skills to recognise and respond to needs to vulnerable customers
  • Respond to customers needs throughout product design, customer service & communications
  • Monitor and assess whether they are meeting and responding to the needs of customers with characteristics of vulnerability
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What is ICOBS?
What is its purpose?

A

Insurance: Conduct of Business Sourcebook from the FCA, divided into 8 chapters and provides a blend of regulatory rules and guidance to apply to insurance brokers
Purpose: provides a means by which the FCA can reinforce its principles in the general insurance market. Intended to provide as much flexibility as possible, while addressing key issues of potential consumer detriment.
IS A BLEND OF GUIDANCE AND RULES

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What are the 8 chapters of ICOBS?

A
  1. Application - scope & who it applies to (only brokers who are in contact w/ client)
  2. General matters
  3. Distance communications
  4. Information about the firm, services and remuneration
  5. Identifying client needs and advising
  6. Product information
  7. Cancellation
  8. Claims handling
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What does ICOBS Chapter 2 relate to?

A

General Matters - defines different categories of customer e.g. consumer and commercial customer. If it is unclear what capacity consumer is acting in, must be treated as a consumer.
Also covers: inducements, record-keeping, financial promotion

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Which chapter of ICOBS includes the following information:
= Insurance broker must disclose its status e.g. authorisation status.
Can be done using an Initial Disclosure Document which is compulsory for consumer contracts
Under ‘scope of service’ brokers must disclose:
- Extent to which firm has searched the market
- Whether advice is restricted or a ‘fair analysis of the market’
- The extent to which the policy recommended meets demands and needs.

A

Chapter 4 - Information about the firm, services and remuneration

32
Q

What chapter of ICOBS includes the following information:
- Guidelines on the sale of relevant insurance products e.g. if a policy is sold, the client must be able to claim a benefit from it.
- Guidance on how brokers should explain the requirements of material fact.

A

Chapter 5 - Identifying clients needs and advising

33
Q

Which chapter of ICOBS includes the following information:
- Provision of information regarding products sold at each stage of contractual process
- All about allowing customers to make informed decisions
- Type of information and timing is specified in the rules e.g. ‘appropriate information’ ‘in good time’ e.g. full price disclosure, contract law applicable, complaints handling procedures, cancellation provision
- Covers the kind of pre and post contractual information that should be provided e.g. policy summary

A

ICOBS 6: Product information

34
Q

Which chapter of ICOBS relates to the following information?
- circumstances in which the rejection of a claim is unreasonable
- circumstances which have changed with the enforcement of Consumer Insurance (Disclosure and Representations) Act 2012

A

ICOBS 8: Claims handling

35
Q

What does competency mean & what are the 3 areas of training & competency the FCA states firms need to consider?

A

Competency = skills, knowledge and expertise needed to discharge the responsibility of the employee’s role, including a good standard of ethical behaviour.
3 areas:
1. Assessing competence
2. Maintaining competence
3. Record-keeping

36
Q

What are the two ways the FCA provides guidance for training and competence?

A
  1. Senior Management Arrangements, Systems and Controls (SYSC) sourcebook - describes high level competence requirement
  2. Training and Competence sourcebook (TC) - outlines specific requirements for certain activities
37
Q

The rules are quite clear that a firm must satisfy themselves of the suitability (honesty and
competency) of those acting on its behalf. The two key principles are that a firm must:

A
  • employ personnel with the skills, knowledge and expertise necessary for the discharge of
    the responsibilities allocated to them; and
  • take into account the nature, scale and complexity of its business, and the nature and
    range of financial services and activities undertaken in the course of the business.
38
Q

Does the Training and Competence sourcebook provided by the FCA provide extra requirements for brokers with retail clients?

A

Yes. They are:
- Must supervise employees until demonstrate necessary competence to carry on activity
- Firms must have detailed written manual for the assessment of competence and maintaince of competency through employee’s development.
- Must be supervised until assessed to be competent and then competency must be maintained through CPD (continuing professional development)

39
Q

Once a person is deemed competent their name is added to a list of competent persons which every firm is required to maintain. What must this maintenance of competency take into account?

A
  • Technical knowledge and its application
  • skills and expertise
  • changes in the market and to products, legislation and regulation
40
Q

How is financial crime defined by law?

A

Fraud, dishonesty, misconduct in or misuse of information relating to a financial market or handling the proceeds of crime

41
Q

What are the two main areas of financial crime relating to insurance brokers?

A
  1. Money laundering
  2. Bribery and corruption
42
Q

Define money laundering and explain the 3 stages of the process

A

= The process by which criminals and terrorists convert money that has been obtained illegally into legitimate funds.
1. Placement (purchase a policy)
2. Layering (conceal the originals of money or additional transactions/transfers)
3. Integration (Criminals access clean money legitimately, e.g. RP or claim payment)

43
Q

What are the 3 strands of laws relating to money laundering?

A
  • specific laws that define what represents a criminal offence and the penalties that apply;
  • money laundering regulations that apply to a range of firms carrying on activities in the
    financial sector (but not specifically to general insurance); and
  • regulatory rules and guidance which may apply in different ways to different firms.
44
Q

What are the 4 specific laws relating to money laundering (don’t apply directly to insurance intermediaries)

A
  1. Criminal Justice Act 1993
  2. Proceeds of Crime Act 2002 (POCA)
  3. Serious Crime Act 2007
  4. Money Laundering Regulations Act 2017
45
Q

What law relating to money laundering does the below description apply to?
This Act requires individuals not to be actively involved in
money laundering, collusion or concealment, but also that they report any knowledge or
suspicion of money laundering

A

= Criminal Justice Act 1993

46
Q

What law relating to money laundering does the below description apply to?
extends the range of offences for money laundering. It sets up an agency whose purpose is to recover the proceeds of criminal activity. There are provisions for fines, confiscation or restraint orders. Offences under the Act include concealing, disguising, converting or transferring criminal property ,acquiring, possessing or using criminal property and failing to disclose that someone else
is engaged in money laundering. Linking with the Criminal Justice Act 1993, relating to
the failure to report actual knowledge or suspicion of money laundering, it introduces the
concept of ‘tipping off’ a suspected person a criminal offence. The implications for
insurance brokers are that all employees of any firm must report any suspicious activity.

A

= Proceeds of Crime Act 2002

47
Q

What law relating to money laundering does the below description apply to?
The Act extends a range of serious crime orders and amends
the POCA in a number of ways. It also created the Serious Organised Crimes Agency
(SOCA) which merged into the larger National Crime Agency (NCA) in 2013.

A

= Serious Crime Act 2007

48
Q

What law relating to money laundering does the below description apply to?
These regulations cover a wider range of
businesses (including life assurance companies and financial advisers) and areas such
as customer due diligence, policies and procedures, registration and enforcement.

A

= Money Laundering Regulations Act 2017

49
Q

What laws created the systems to prevent and control money laundering?
What areas does the law cover?

A

Money Laundering Regulations 1993 & 2007 - 2007 law applies to a wider range of businesses than the first law and covers:
1. Customer due diligence
2. Policies and procedures
3. Registration
4. Enforcement

50
Q

What does the FCA require from firms in relation to money laundering?

A

= Take appropriate measures (in conduct, admin & employment) to prevent financial crime, facilitate detection and monitor incidence. Must have systems and controls in place and document the procedures and appoint an MLRO

51
Q

What is an MLRO and what is their responsibilities?

A

Money Laundering Reporting Officer:
- Responsible for firms compliance with rules concerning systems and controls to combat money laundering
- act as focal point for all money laundering activities

52
Q

What should an employee do if they suspect money laundering is taking place?

A

Report it to the MLRO and then if MLRO decides suspicious enough reports to the NCA. Anyone who reports has identity protected

53
Q

Under the terms of the Bribery Act 2010, what are the 4 criminal offences?

A
  • Giving, promising or offering a bribe
  • Requesting, agreeing to receive or accepting a bribe
  • Bribing a foreign public official
  • Failure from a commercial
54
Q

What is the advice of the FCA regarding gifts and hospitality?

A

Suggest firms should have a procedure setting out what is and what is not acceptable - many firms have a ‘gift register’ where employees record any corporate hospitality undertaken.

55
Q

What are the different guidelines for identity checks for consumers and companies?

A

Consumers - should be ‘photographic’ e.g. passport and verification with a reputable institution e.g. bank
Companies - establish name, registered number and business address through Certificate of incorporation or company registry

56
Q

How long should records of proof if identity be kept for?

A

5 years

57
Q

What should proof of identity be obtained before?

A

Any financial transactions are completed

58
Q

Who is responsible for the implementation and administration, licensing exemptions of international financial sanctions in the UK?

A

HM Treasury

59
Q

What do the following two laws relate to:
1. Terrorist Asset Freezing etc. Act 2010
2. Counter-Terrorism Act 2008

A

Financial sanctions (domestic designations)

60
Q

As well as checking the sanctions list, what else do broking firms need to prove to the FCA?

A

They have procedures in place to comply with the sanctions. e.g. access to SanctionsSearch

61
Q

What is ELTO and why was it introduced?

A

= Employers’ Liability Tracing Office
To make it easier for employees to search for employers’ liability insurance policies using a central database.
Why? Employees may not make a claim until after have left the company, so makes it easier to trace

62
Q

What are the FCAs requirements for brokers relating to ELTO?

A

Must enter data onto the ELTO database; now a section on the database specifically for brokers (intermediaries)

63
Q

When did the Data Protection Act (1998) come into effect and what is it related to (summary)

A

Came into affect march 2000 and replaced DPA 1984. Is related to the regulation of personal data and provided individuals with protection from organisations who had lost, disclosed without authorization or retained inaccurate information about them.

64
Q

What is the definition of personal data?

A

Information relating to a living individuals who can be identified from that data, with or without the information that the data controlled has in their possession.

65
Q

What government act do the following 8 principles relate to?
1. Information containing personal data shall be processed fairly and lawfully.
2. Personal data shall only be held for specified and lawful purposes.
3. Personal data must be adequate, relevant and not excessive.
4. Personal data must be accurate and up to date.
5. Personal data held for any purpose(s) shall not be kept for any longer than necessary for
that purpose(s).
6. Personal data shall be processed in accordance with the rights of data subjects under
the Act.
7. Appropriate security measures shall be taken against unauthorised access to, or
alteration, disclosure or destruction of, personal data and accidental loss or destruction of
personal data.
8. Personal data shall not be transferred to a country outside the EU unless that country has
an adequate level of protection for the data subject

A

Data Protection Act 1998

66
Q

What are the rights provided to the data subject from the DPA 1998?

A
  • have access to data held on them;
  • prevent data processing likely to cause damage or distress to them;
  • prevent data processing for the purpose of direct marketing;
  • avoid automatic decision-taking based on incorrect data;
  • compensation if the individual suffers damage as a result of any contravention of the Act
    by a data controller;
  • apply to the court to enforce the rectifying, blocking, erasing or destroying of incorrect
    data; and
  • make a request to the Information Commissioner for an assessment to be made as to
    whether any provision of the Act has been contravened.
67
Q

What regulation does the following points relate to?
- Ensuring sensitive health, social care and education data can continue to be processed ensuring confidentiality in safeguarding positions
- Restricting rights to access and delete data where there are legitimate grounds (e.g. national security)
- Setting the age from which parental consent is needed to process data online
- Providing the Information Commissioner’s Office (ICO) with enhanced powers to regulate & enforce data protection laws

A

DPA 2018 - aims to modernise data protection laws to ensure effective in the years to come

Has now been amended to reflect the UK GDPR and is the current legilation governing data protection in the UK

68
Q

For the most serious data breaches, what fines can the ICO levy?

A

Up to £17.5m or 4% of annual turnover if higher. Can also bring criminal proceedings against a data controller if they have altered records with intent to prevent disclosure

69
Q

Who does the UK General Data Protection Regulation (GDPR) apply to?

A
  • Applies to the UK and NI and replaced previous EU GDPR.
  • Places legal obligations on controllers and processors e.g. firms required to maintain records of personal data and processing activities
70
Q

What information does the UK GDPR apply to?

A

= Personal data of an identified living individual.
-> Applies a wider definition of previous DPA
- The definition of personal data reflects changes in technology and way info is collected e.g. a IP address can be classed as personal data.
- Applies to automated personal data and manual filling systems and also apply to personal data which has been anonymised

71
Q

What do the following categories relate to:
* race;
* ethnic origin;
* politics;
* religion;
* trade union membership;
* genetics;
Chapter 5
Chapter 5 Legal and regulatory issues 5/23
* biometrics (where used for ID purposes);
* health;
* sex life; or
* sexual orientation.

A

Sensitive personal data under UK GDPR

72
Q

UK GDPR sets out data protection principles and main responsibility for organisations - What is the main principle set out in the UK GDPR?

A

Accountability e.g. documenting decisions they take about processing activity

73
Q

What are the 6 lawful bases for processing data under UK GDPR?

A
  1. Consent - consent must be freely given, specific, informed and unambiguous of the individual’s wishes. Must be a positive opt-in (consent cant be inferred from silence)
  2. Contract - must be in contract with the firm
  3. Legal Obligation - processing is necessary for the firm to comply with the law
  4. Vital interest - processing is necessary to protect an individuals life
  5. Public task - processing is necessary for firm to perform a task in the public interest or for its official functions
  6. Legitimate interest - necessary for the firms legitimate interest ot the interests of a third party
74
Q

What rights to individuals have under UK GDPR?

A
  1. Right to be informed - informed about the collection and use of their data
  2. Right of access - have right to find out if an organisation is using or storing their personal data. Can be found out using a SAR (Subject Access Request)
  3. Right to rectification
  4. Right to erase
  5. Restrict to restrict processing
  6. Right to data portability
  7. Right to object
  8. Right in relation to automated decision making
  9. Right to rectification
    4.
75
Q

What did UK GDPR do in relation to accountability and governance?

A

= One of the main data protection principles -> firms expected to put into place comprehensive but proportionate governance measures e.g. privacy impact assessements.

76
Q

What did UK GDPR introduce in relation to breach notifications?

A

Introduced duty on all organisations to report certain types of data breach to the ICO and in some cases to the affected individuals

77
Q

What law did UK GDPR bring in regarding the transfer of personal data to third countries or international organisations?

A

To ensure level of protection under UK GPDR/DPA is not undermined, restrictions have been imposed on the transfer of data outside the EU, to third countries or international organisations. UK GDPR still applies to firms operating the European Economic Area (EEA) post-Brexit.