BREXIT: What Now for GDPR?

Before the June referendum on the UK’s membership of the European Union, the General Data Protection Regulations were set to come into force here in May 2018.
The regulations provide an update to the existing Data Protection Direction, enacted as the Data Protection Act 1998.

See: EU General Data Protection Regulation Approved, May 5th, https://www.riskbriefing.co.uk/eu-general-data-protection-regulation-approved/

However, many are now questioning the future of the General Data Protection Regulations (GDPR) in the UK following the decision to leave the EU.

The information commissioner’s office (ICO) has since added a note to their GDPR guidance including:

“When we drafted this plan, the General Data Protection Regulation (GDPR) was on track to come into force in the UK on 25 May 2018. The result of the 23 June 2016 referendum on membership of the EU now means that the Government needs to consider the impact on the GDPR.”

However, organisations should not assume the the GDPR will disappear, and should prepare for Data Protection reform in the global context of the information age.

Data Protection Legislation Needs an Update

The primary reason to prepare for the introduction of the GDPR, or something similar, is that our existing legislation, the Data Protection Act, was created in 1998 when our technology and attitude towards data was very different.

To keep up with the rest of the world, the UK will need to reform this area either by adopting the work already completed by the European Union, or establishing its own revised regulations.

UK Businesses Still intent to trade with EU Members.

Putting aside domestic issues, UK businesses will still be trading the EU and other citizens and will therefore be required to meet their data protection requirements.

The General Data Protection Regulations have been approved by the EU and member states will still be obliged to enforce them.

The Brexit Timeline is not Clearly Defined

Lastly, the timeline for Brexit is anything but clear, and the UK remains a member of the Union during this time.  Therefore, the application of the GDPR may still go ahead.

Prepare for GDPR

There are several things you can do now to prepare for the GDPR including an impact assessment.  The ICO has provided a useful guide:

https://ico.org.uk/for-organisations/data-protection-reform/guidance-what-to-expect-and-when/