Britain’s decision to leave the European Union has led some data professionals to think that they will no longer be affected by the EU’s General Data Protection Regulation (GDPR). If this is the case, what exactly will this mean for the protection of your data?
The EU Data Laws Toughen Up
But the regulations – due to come into force in May 2018 – will not become irrelevant, despite the Brexit vote. British companies doing business in the EU, or more particularly handling the data of European citizens, will have to comply with the forthcoming rules or face severe penalties in the event of personal information being lost or stolen.
The GDPR is the biggest shake-up in privacy laws for more than 20 years, marking the overhaul of pan-European regulation put into place way back in 1995.
Notable changes in data protection rules will include tougher penalties for companies caught in breach of EU data protection law, with fines of up to 4% of global turnover. Even more controversial is that there will be a requirement for companies to disclose breaches of personal data within 72 hours.
Is Brexit A Get Out Of Jail Free Card?
Far from Brexit allowing the UK to unshackle itself from what some in business see as the EU’s cumbersome Data Protection Rules, it’s more likely that once the UK leaves the EU the country will introduce new regulations that would be similar in scope to those laid out by GDPR. The UK’s Information Commissioner’s Office called for “international consistency around data protection laws” in the wake of the shock Brexit vote before later stating that GDPR is still relevant for the UK.
“GDPR compliance will be necessary for a number of reasons,” explained IT lawyer Dai Davis, a solicitor at Percy Crow Davis & Co. “First and foremost if a tech company wants to carry on trading in Europe (less the UK) that company will be directly subject to the GDPR in the remaining EU countries. Second, the GDPR comes into force on 25 May 2018. Brexit (pursuant to article 50) will take two years and has not yet been triggered.”
“There are other reasons, such as the fact that post Brexit the UK will need to have a similar law: otherwise we would not be able to retain London as a banking capital to allow the remaining EU countries to safely export their data to the UK,” he added.
GDPR A Complex Beast For Post Brexit UK
Uncertainty over the economic implications of Brexit is likely to continue until a trading agreement has been established. GDPR compliance for UK business could turn out to be more complicated now than if the EU vote had swung in favor of remain, the expected result. For example, the demonstration of GDPR compliance for UK firms post Brexit could be a longer, more involved procedure than their European counterparts would face.
John Cassidy, VP EMEA at data discovery firm Ground Labs, added: “GDPR is not going away and Brexit is certainly not a green card for those wishing to avoid the reputational damage, financial losses and considerable fines associated with a security breach. These data regulations should not be seen as extra homework to be dodged, they are designed to prevent devastating data breaches that can cost millions and could lose you customers.”
Special Guest Blogger: John Leyden