May 27, 2016 / by Kalpesh Bhandari Data Protection

What happens to Data Protection laws and regulation if the UK leaves the EU?

Data protection and Brexit

When we did some initial research on this we were a touch perplexed. But as there is uncertainty about what the UK would do with its Data Protection laws if we left the EU there’s no definitive answer. Just considered predictions.

Where do we start?

In the world of data protection you may have missed a not-so-tiny update about new regulation known as the EU General Data Protection Regulation (GDPR). Rules around this were agreed in late 2015 and are due to kick in during late May 2018.

In case you missed that, or need a quick overview of the back story, law firm Allen and Overy have a useful timeline of events.

The GDPR is supposedly more strict than the existing 1998 UK Data Protection act. A quick look on itgovernance.co.uk mentions

“The Regulation mandates considerably tougher penalties than the DPA: breached organisations can expect fines of up to 4% of annual global turnover (NB turnover, not profit) or €20 million – whichever is greater.””

So you’re now up to speed with the EU’s GDPR.

What happens to Data Protection laws?

If you’ve ever read the contents of a privacy policy then you’re likely to have been directed to the aboutcookies.org page. This is brought to you by international law firm Pinsent Masons. If you’re going to get a view from any authority on data protection and brexit they are probably the best place to start.

They posted an article on the intricacies of this – which probably sums up what the future holds for DPA and brexit:

“However even if the UK votes to leave the EU it is still likely to have to implement similar data privacy rules to those included in the Regulation. That would be because of the restrictions EU law places on EU-based businesses transferring personal data outside of the European Economic Area (EEA). Transferring personal data from the EU to locations outside of the EEA is prohibited unless there is adequate data protection in place. There has been substantial disruption to data flows to the US because of concerns in this regard.”

If there was an exit by the UK we’d be pretty certain that it would take well more than three years to unravel and detach from the laws and other regulations that affect our everyday life. The same goes for creating a new UK data protection regime.

In that time the likelihood is that the UK would adopt parts of, if not all, the EU GDPR. But if the UK decides to stay then it should be a case of keep calm and carry on.

Are you ready for GDPR?

If you’re looking for assistance preparing for GDPR, contact us today.

Tagged: GDPR, Brexit, European Union, IT Governance

Our recent posts

7 DevOps Tools We Love - And 1 We Love To Hate

December 10, 2017

7 DevOps Tools We Love - And 1 We Love To Hate

For many DevOps engineers, the workday is often spent using a variety of tools to be more productive and increase efficiency, and due to the often intensive work it's important to use tools they can rely on.

A Handy Guide To AWS EC2 Cost Optimisation

December 01, 2017

A Handy Guide To AWS EC2 Cost Optimisation

EC2 cost optimisation can improve the profitability of your organization. We give you some helpful tips on how to reduce the costs of your EC2 infrastructure.

Avoiding common AWS migration pitfalls

January 11, 2017

Avoiding common AWS migration pitfalls

The process of moving to the AWS Cloud is not without its pitfalls – here's how to avoid them

See more posts