May 27, 2016 / by Kalpesh Bhandari Data Protection
What happens to Data Protection laws and regulation if the UK leaves the EU?
Data protection and Brexit
When we did some initial research on this we were a touch perplexed. But as there is uncertainty about what the UK would do with its Data Protection laws if we left the EU, there’s no definitive answer, just considered predictions.
Where do we start?
In the world of data protection you may have missed a not-so-tiny update about new regulation known as the EU General Data Protection Regulation (GDPR). Rules around this were agreed in late 2015 and are due to kick in during late May 2018.
In case you missed that, or need a quick overview of the back story, law firm Allen and Overy have a useful timeline of events.
The GDPR is supposedly stricter than the existing 1998 UK Data Protection Act. A quick look on itgovernance.co.uk mentions:
“The Regulation mandates considerably tougher penalties than the DPA: breached organisations can expect fines of up to 4% of annual global turnover (NB turnover, not profit) or €20 million – whichever is greater.”
So you’re now up to speed with the EU’s GDPR.
What happens to Data Protection laws?
If you’ve ever read the contents of a privacy policy then you’re likely to have been directed to the aboutcookies.org page. This is brought to you by international law firm Pinsent Masons. If you’re going to get a view from any authority on data protection and Brexit, they are probably the best place to start.
They posted an article on the intricacies of this, which probably sums up what the future holds for the DPA and Brexit:
“However even if the UK votes to leave the EU it is still likely to have to implement similar data privacy rules to those included in the Regulation. That would be because of the restrictions EU law places on EU-based businesses transferring personal data outside of the European Economic Area (EEA). Transferring personal data from the EU to locations outside of the EEA is prohibited unless there is adequate data protection in place. There has been substantial disruption to data flows to the US because of concerns in this regard.”
If there was an exit by the UK we’d be pretty certain that it would take well over three years to unravel and detach from the laws and other regulations that affect our everyday life. The same goes for creating a new UK data protection regime.
In that time the likelihood is that the UK would adopt parts of, if not all of, the EU GDPR. But if the UK decides to stay then it should be a case of keep calm and carry on.
Are you ready for GDPR?
If you’re looking for assistance preparing for GDPR, contact us today.