Back to posts

After many conversations with delegates at our successful business briefing in November, one question we heard repeatedly is whether Brexit will mean GDPR is no longer going to happen in the UK. In this blog post we will tell you why we think this won’t be the case.

Summarising the state of Brexit and GDPR

On the 25th May 2018, GDPR, the far-reaching data protection legislation becomes enforceable, and, to avoid hefty fines, businesses must ensure they are compliant with the details of the regulation. Ten months later, Britain will leave the European Union (EU) after the results of the decisive EU membership referendum on the 23rd of June 2016.

Two of the biggest legislative changes the UK has faced in a generation will be happening within ten months of each other.

Maintaining trade

At the time of writing, the UK has just managed to agree its ‘divorce bill’ - and was forced to make numerous concessions in order to move onto the next stage of negotiations with the EU. The next phase of talks with the EU revolve around negotiating a bespoke trade deal between both parties.

Britain is keen to continue its trading relationship with the EU, as it is the biggest trading bloc in the world and accounts for 16 percent of global trade.

Will GDPR still happen?

Once Britain leaves the EU, parliament can begin the process of repealing EU legislation from UK law. Some commentators have anticipated this could mean a repeal of GDPR and reverting back to existing data protection laws, however, experts think this is extremely unlikely.

For starters, there is a ten-month gap between when GDPR becomes enforceable and when the UK leaves the EU, thus leaving businesses open to enforcement action from ICO. Also, when we mentioned concessions earlier regarding the trade relationship with the EU, it is likely Britain will have to make sacrifices in order to negotiate tariff-free access to the European Single Market.

For frictionless trade to continue between both parties, the UK is expected to have to bring their data protection measures in line with the EU’s. PrivacyShield is a great example of the type of approach the UK will take - as US businesses have to comply with PrivacyShield in order to do business with European customers. This is because privacy laws in the US are very different to those of their European counterparts.

Is complying with GDPR such a bad thing?

We agree with many experts that GDPR should be seen as an opportunity, instead of a threat. Despite the complexities of the legislation, it is the perfect opportunity to get your house in order.

If you’re unsure of the specifics of what GDPR entails, or aren’t really sure where to start, our eBook ‘GDPR: How to appoint a data protection officer’ is an essential read. You can download a copy here.