Brexit: What does it mean for UK data protection?

Brexit: What does it mean for UK data protection?

Nothing. Not a jot. Not if the government is at all sensible about it.

Remarkably, there is one thing that is most likely to remain (pun intended) unaffected by the majority decision of the country’s voters to leave the European Union, and that is the way the UK does data protection.

How so?

The forthcoming EU upgrade to its own data protection legislation, the General Data Protection Regulation (GDPR), is now on the table in finished form and will need to be fully implemented by all member states by mid-2018. This will happen irrespective of any moves by the UK government to leave the EU. (The anticipated date for a Brexit is also roughly 2018.)

Currently 49 percent of UK export trade is with the EU, and unless that changes dramatically, the UK will continue to rely on the EU for a significant portion of its income. That being the case, we’ll be obliged to comply with the GDPR when working with our European partners. As we’ve all been preparing for the GDPR for some time now (you have, haven’t you?), that will need to continue.

What about the rest of our business with the rest of the world?

For that, we currently rely on the Data Protection Act, but – despite holding up well after 18 years of service – it’s in need of an upgrade too. New UK legislation will take time to plan and enact, and with other things on the government’s collective mind, it’s another reason to keep your eye fixed firmly on the GDPR as a predictable and desirable end point.

The government will probably aim to produce a new British version of the Data Protection Act, either agreeing regulations on a country-by-country basis, one for each new trade agreement, or it could enact a single overarching one-size-fits-all law that will apply to all our new trade deals, across the board.

The former would be a needless burden on business and quite at odds with the government’s usual stance on ‘red tape’; the latter could be a weakened set of regulations or guidelines, designed to promote new business by minimising legal encumbrances. However, weak regulation would mean that businesses in the UK would then still have two sets of data protection regulations to apply, possibly poles apart in quality. To avoid confusion, the legislation for the rest of the world cannot be weak – in other words, it will need to look reasonably similar to the GDPR.

So, we come to the inevitable conclusion that to retain a significant portion of our trade with Europe; smooth the path of new business in this post-Brexit era; and keep the ‘burden of red tape’ to a minimum, there is one thing that a post-Brexit UK certainly cannot do without, and that is, ironically, the EU GDPR.

This article was written by Dave Wonnacott, Senior Data Developer & Data Protection Officer at The Real Adventure Unlimited, and first appeared on The Real Adventure Unlimited website.