There have been many opinions shared on the likelihood of GDPR still applying if the UK leaves the EU. However, the ICO has been very clear that even if the UK were to leave with a no-deal Brexit in place, the Government intend to incorporate the GDPR into UK law.
After all, it would become more difficult to trade with the EU if GDPR still needs to be complied with, as well as a potential further UK data protection law. It's also worth noting that GDPR sits alongside the Data Protection Act 2018 which shows how GDPR works in the UK. With this in mind, the Data Protection Act 2018 is likely to be the vehicle that enshrines GDPR post Brexit.
So is GDPR a force for good? Here's why we agree it is...
GDPR has brought our Data Protection regulations up to date, with the previous law dating back to 1998, some 20 years before. Since this time, we have seen a significant change in the data landscape and given the technologies that we now employ, a new data protection regulation was rightly required.
Don’t forget that GDPR compliance isn’t an end point, it is an ongoing journey which requires ongoing evaluation. At TwentyCi, we have retained our small working group which we formed back in 2016 to ensure that we keep GDPR at the forefront of everything that we do.
Non-compliance with GDPR is not just about potential fines, it’s also about your business reputation and the damage that this would create in the event of a incident.
The new ePrivacy Regulation is on the horizon. This is set to modernise the existing ePrivacy Directive of 2002 (amended 2009) and to replace the 2003 Privacy and Electronic Communications Regulations (PECR). The original aim was for this to come into force at the same time as the GDPR, but it was not ready and is currently still not in its final form with exact timings remain unknown. We do know however, that it will affect electronic marketing communications, tracking technologies, security and more. The Data Protection Network has posted a recent update on the topic here.
However, Brexit could potentially impact ePrivacy. As posted by the DMA in February, in the event of a no-deal Brexit where the final text has not been agreed, the UK could decide to diverge in ePrivacy. This however would make it difficult for us to trade with the EU, so whilst possible it would seem an unlikely eventuality - without it we will not be likely to achieve equivalency with Europe.
As Colin Bradshaw our Data Protection Officer adds: "The new data protection legislation passes power and control back to where it belongs; the data subject or consumer. Other people’s data is personal property, it is our privilege to work with it, not our right”.
We'll be keeping an eye on both of these resources for further updates.
The information provided here is our views of the GDPR. It does not constitute legal advice and our views may change as the Information Commissioners Office publishes more guidance. You should consider taking your own legal advice as you see appropriate.
For any specific GDPR questions, please contact our GDPR team at firstname.lastname@example.org or call us on 01908 829300.