With the British public voting to leave the EU, where does this leave data protection in the UK?
Even with the Brexit vote, data in the UK will continue to be regulated by the current Data Protection Legislation. Although derived from an EU Directive, the Data Protection Act 1998 was passed by the UK Parliament and will remain in place after exit unless and until Parliament decides to repeal or amend it. The view of the Information Commissioner’s Office (ICO) is that the UK has a history of providing legal protection to consumers around their personal data. Our data protection laws precede EU legislation by more than a decade, and go beyond the current requirements set out by the EU, for instance with the power given to the ICO to issue fines.
But what of the new General Data Protection Directive (GDPR): does a Brexit mean that we can avoid the impact of further changes? The simple answer is no, except for those organisations that have no contact whatsoever with Europe. The reason for this is fourfold:
It is fair to say that, whilst the legal basis for data protection rules may change in the case of a Brexit, the ultimate effect on business will be largely the same and it would be prudent for any organisation doing business in Europe to abide by the GDPR.
The GDPR introduces significant new requirements for maintaining data protection records, obligations for carrying out ‘privacy impact assessments’, enhanced rights for data subjects and a 40-fold increase in the potential penalties for getting it wrong (from £500,000 to 20 million euros)!
Get in touch
In anticipation of these changes, get in touch about our Data Protection Health Check Service, which reviews your data processing activities generally and your compliance with the GDPR in particular, and identifies any areas of particular concern and where improvements might be made. Contact either me or firstname.lastname@example.org.
*We charge a small fixed fee for the service. However, this fee is refundable against any further instructions to advise on a programme for ongoing data protection compliance.