Impact of Brexit on the GDPR
The opening statement of Information Commissioner Sir Christopher Graham’s last annual report talked about “responding to new challenges, and preparing for big changes, particularly in the data protection and privacy field.” He delivered his speech in the early aftermath of Brexit, and everyone was keen to get his view on the implications for the roll-out of the General Data Protection Regulation (GDPR).
Prior to Brexit
In April of 2016, after two years of debating, the final terms of the European GDPR were agreed. The legislation comes into effect for member states in May 2018 and includes key changes such as:
- The right to be forgotten
- New stricter conditions for the adequate protection of file transfers
- Privacy notices for individuals on how their data is handled
- Tighter legislation around active consent for processing data
- And a shared liability for breaches between data controllers and data processors.
The change that many CIOs will be concerned about is the increase in sanctions for data breaches, which have risen to 4% of annual global turnover.
When asked about the uncertainty, the Commissioner stated, “We now need to consider the impact of the referendum on UK data protection regulation. It is very much the case that the UK has a history of providing legal protection to consumers around their personal data which precedes EU legislation by more than a decade, and goes beyond current EU requirements.” He stressed that “Having clear laws with safeguards in place is more important than ever given the growing digital economy, and we will be speaking to parts of the government to present our view that reform of the UK law remains necessary.”
But will EU GDPR still affect us?
The changes in EU legislation are due to come into effect in May 2018. As the debate over Article 50 continues, CIOs face ongoing uncertainty. However, whether the UK is still a member of the EU or not, the new rules will still apply to many organisations. The newly agreed scope states that the law will apply to non-EU companies that are offering goods and services to EU citizens. Any UK organisation selling in Europe will still need to comply with GDPR.
In closing, the Commissioner reiterated that the ICO would continue to make sure that the current standard of excellence remains intact. “We must maintain the confidence of businesses and of consumers. The ICO stands ready to enforce the rules that remain and make the case for the highest standards going forward.”
Whatever the law is called, data protection is not going away.
If you’re unsure how any of the current or upcoming data protection legislation affects your business’s file transfer requirements, give our team of experts a call on 0207 118 9640.