The UK Government has confirmed that it will implement the European Union (EU) General Data Protection Regulation (GDPR), despite the country voting to leave the EU in the June referendum.
The announcement brings a greater degree of certainty to the UK data protection landscape at least for the foreseeable future and means that businesses must now address the changes being implemented by the GDPR.
In a recent speech before the UK Parliament’s Culture, Media and Sport Committee the Secretary of State Karen Bradley stated that the Government will seek to implement the GDPR which is intended to take effect in May 2018 regardless whether the UK has begun the Brexit process by then, as the country will in 2018 still be an EU Member State.
Subsequent to Bradley’s announcement the Information Commissioner’s Office (ICO) – which oversees privacy issues in the UK – posted a blog by the Information Commissioner Elizabeth Denham confirming the statement and setting out a broad timetable for the ICO’s adoption of the GDPR.
The blog, which can be found here, sets out Denham’s view that the GDPR is a positive development for UK data protection regulation: “I see this as good news for the UK. One of the key drivers for data protection change is the importance and continuing evolution of the digital economy in the UK and around the world,” she writes.
The ICO will by early December publish a revised timeline setting out what areas of data protection and GDPR implementation guidance it will be prioritising over the next six months.
The GDPR will bring significant changes to the UK and EU data protection landscape, as a regulation rather than a directive it will have direct effect across all 28 (current) member states and is intended to fully harmonise the current patchwork of national laws. The GDPR will bring a greater emphasis on compliance, an increased administrative burden on data handlers and a greater enforcement threat, including through the creation of a Lead Supervisory Authority (one-stop-shop) regulator for multinational companies.
What is clear therefore is that from May 2018 the GDPR will have an impact across the entire EU, and the UK alongside its EU Member State partners will begin operating a common regulatory framework.
Nonetheless, if the UK Government begins formal Brexit negotiations in spring 2017, as it desires, the country may leave the EU in spring 2019; what deviation, if any, occurs to UK data protection regulation as a result of Brexit waits however to be seen.
The more information or assistance in complying with the GDPR as it affects your business, then in the first instance please contact Tris Moore at [email protected]
The information presented is not legal advice, is not to be acted on as such, may not be current and is subject to change without notice. Internet subscribers and online readers should not act upon this information without seeking professional counsel.