behalf of someone else) and requirement may be abolished in the contractual flow down is required. future). Some businesses may require Processors have a number of representatives in both jurisdictions. direct obligations under the Game businesses will also need to applicable legislation, particularly think about the location of their Data regarding data security. Protection Officer (if they have one). Digital consent for minors: the Going forward, the UK is close to default age for giving valid enacting the Data Protection and consent and using online services Digital Information Bill which will is set at 16 but Member States replace the UK GDPR. While it won’t can reduce this to as low as depart too far in principle from the 13 as the UK has done. current position, it will introduce changes which both UK and cross- The UK and EU - further border games businesses will need divergence ahead to understand. The overall The UK GDPR currently mirrors compliance burden is, however, the GDPR, so the majority of unlikely to increase in the way it did requirements haven’t changed when the GDPR was introduced, not as a result of Brexit. However, in least because the UK will be keen addition to issues mentioned to ensure it doesn’t jeopardise its above around data transfers, UK adequacy arrangement with the EU. publishers caught by the GDPR It’s not just (UK) GDPR without an EU establishment need to appoint a representative in the The UK’s Data Protection and Digital EU under Article 27 GDPR (subject Information Bill is proceeding to to limited exceptions). enactment and will replace the UK Similarly, controllers and processors GDPR. However, just as important not established in the UK (including is the current extension of the those in the EEA) but caught by the legislative framework to cover non- UK GDPR will be required to appoint a personal as well as personal data. representative in the UK (though this Facilitating access to data, ensuring 104