The EU referendum results have taken most of us by surprise and little thought had been given to the consequences of ‘Leave’. This is raising all kinds of questions and uncertainties right across the board. The focus in Data Protection has been for some time the EU General Data Protection Regulation (GDPR) which comes into force in May 2018.
If Brexit does go ahead, can we ignore the GDPR and carry on with the Data Protection Act? Almost certainly the answer is “No”.
There are two main reasons, only one of which has Europe at its heart. Our Information Commissioners Office has for some time thought that there are numerous areas of the data protection legislation (such as consent) that need re-visiting. They were fully behind the implementation of the GDPR and that has not changed. A press release has already gone out, since the referendum, implying that the Commissioner will press the Government to implement the terms of the GDPR.
The second reason is simple. Currently any EU based personal data can only be transferred easily either within the EU or to countries on a ‘white list’. To get on the white list your legislation must offer equivalent protection to that given to data in the EU – so we are back to implementing similar, if not identical legislation, to the EU member states – the GDPR. The UK needs to be able to continue to trade with the EU and data is an important part of that trade.
So from where we sit, it seems that the GDPR will remain relevant and important (and it abolishes fees for registration – pleasing those who want de-regulation!).
If you would like advice on how your organisation can start preparing for the new data protection legislation, please contact Tracey Wakelam at firstname.lastname@example.org. Exeter solicitors covering Devon, Cornwall and the rest of the UK.