Note: This blog is published by Zoho and is applicable to all divisions of Zoho including  ManageEngine (the enterprise IT management division), Site24x7, and WebNMS.

The Brexit transition period ended on December 31, 2020, and the EU General Data Protection Regulation (GDPR) does not apply in the United Kingdom anymore.

With this, all the organizations that process the personal data of individuals in the UK have to comply with UK data protection laws. The UK has decided to retain the GDPR in its domestic law. However, there are a few additional obligations that organizations like ManageEngine had to fulfill to be fully compliant. 

1. What are the additional obligations, and how Zoho has implemented them?

  • Registration with the ICO: As the GDPR does not apply directly in the UK anymore, organizations that process the personal data of individuals in the UK have to pay an annual data protection fee, which requires registration with the Information Commissioner’s Office (ICO). Zoho has registered with the ICO and has paid the required data protection fee.

  • Appointment of a local representative in the UK: As a Dutch company, Zoho Corporation B.V. is required to appoint a local representative in the UK. Zoho has appointed a local representative who can be contacted by email at representative.uk@zohocorp.com.

  • Privacy policy for UK data subjects and customers: Zoho has published a separate Privacy Policy for its customers and data subjects from the UK. Our UK Privacy Policy is an adaptation of our General Privacy Policy with minor changes necessary to comply with the UK data protection regime.

  • Registration of a DPO with the ICO: We have registered our global data protection officer (DPO) with the ICO. If you have any questions or concerns about our privacy practices with respect to the processing of your personal data, you can reach out to our DPO by sending an email to dpo@zohocorp.com.

2. Information processed by ManageEngine as a cloud service provider:

If you are a controller using Zoho services to process the personal data of individuals in the UK, Zoho will be your processor. And, if you are a processor using Zoho services to process the personal data of individuals in the UK, Zoho will be your sub-processor. Zoho will help achieve compliance with the UK data protection laws by implementing appropriate technical and organizational measures. You can also execute a data processing addendum with us, which can be initiated by completing this form.

If you have further questions about Zoho’s privacy practices and compliance with the UK data protection laws, you can reach out to our Privacy Team by sending an email to privacy@zohocorp.com.