The UK made the decision to leave the European Union in June and this left many people wondering what this meant for the latest EU reforms and changes to data protection law. The General Data Protection Regulations which are due to be fully implemented by May 2018 will theoretically no longer apply to the United Kingdom but this doesn’t mean they can be ignored. This is what the UK Information Commissioner’s Office is saying and they are urging companies to continue their work towards any changes and improvements to their processes.
The Information Commissioner’s Office has released a statement after the UK’s decision to leave the EU. They have explained that the Data Protection Act will remain the law of the land but the GDPR will not be directly applicable. However, they further asserted that if the UK wishes to be able to trade with the single market on equal terms then they will need to deliver, in their own words, ‘adequacy’ which translates as the UK requiring data protection standards which equal those in the rest of Europe.
The ICO’s statement said: “With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations and to consumers and citizens. The ICO’s role has always involved working closely with regulators in other countries, and that would continue to be the case.”
Many business owners have EU clients and to be able to continue to work with these clients, UK businesses need to deliver the same high level of data protection and security as the EU demands from its companies. The GDPR is applicable to all companies who work with EU clients and hold data of EU citizens so for many companies they will have to comply with the legislation, despite not being based in an EU member state. Most experts believe the UK will develop its own legislation which mirrors the expectations laid out in the GDPR and may even have the same level of penalties involved. This will ensure UK businesses remain on par with those in Europe and companies will European clients or offering their services to EU nationals, will not be shut out.
The right level of compliance is essential for all businesses who want to continue to work with EU businesses. Higher levels of data protection and security can only mean better things for business, ensuring a higher level of service is delivered to clients around Europe.