What about Brexit?


5th April 2017
Do not be fooled by Brexit. The UK Government is committed to the General Data Protection Regulation (GDPR), which is already in force and will start to apply whilst the UK is still part of the EU.


On 23 June 2016 the UK held a referendum and the majority voted to leave the EU. On 29 March 2017 Theresa May give notice of the UK's intention to leave the EU under Article 50 of the Treaty of the European Union. Following this notice the UK will leave the EU once terms have been agreed or after the expiry of two years from the date of the notice.


We are about to witness an intense period of negotiation between the EU and the UK with regards to the terms of the UK's withdrawal from the EU and we have already seen something of a fractious start to this.


As the General Data Protection Regulation (GDPR) is an EU regulation it will be applicable in the UK without the need for domestic legislation to adopt it. Once we leave the EU although the General Data Protection Regulation will effectively no longer apply to UK citizens it will still apply to any business holding personal data of EU citizens. In any event the UK Government is very highly likely to adopt domestic legislation retaining the General Data Protection Regulation (GDPR). The Government and the UK governing body (The Information Commissioner's Office) are committed to such a retention.


Prior to the Brexit vote the Information Commissioner's Office released a statement in which they said "The UK will continue to need clear and effective data protection laws, whether or not the country remains part of the EU. The UK has a history of providing legal protection to consumers around their personal data. Our data protection laws precede EU legislation by more than a decade, and go beyond the current requirements set out by the EU, for instance with the power given to the ICO to issue fines. Having clear laws with safeguards in place is more important than ever given the growing digital economy, and is also central to the sharing of data that international trade relies on."


More recently the Information Commissioner's Office has stated "We are committed to helping organisations to prepare for the GDPR, which will apply in the United Kingdom from 25 May 2018. One of the main ways in which we do this is by publishing practical guidance and signposting guidance produced by other bodies. In planning this we take account of what our stakeholders tell us they need to know about the GDPR, and our own analysis of the key differences between GDPR and the DPA."


Contact us now to discuss your General Data Protection Regulation requirements, Data Protection Officer training and GDPR / Data Protection advice and audits.