How Does Brexit Impact Data Protection in the UK?
Britain’s unprecedented decision to exit the European Union—“Brexit”—is raising a myriad of questions around the world.
A big question my colleagues in the security industry and I have is: What does this do for data protection standards and rules? The answer depends on when the UK government officially leaves the EU. For now, the vote will have little immediate effect on the UK’s data protection rules.
Britain will have two years to negotiate its exit from the European Union. This time will be spent settling outstanding bills with the EU, crafting new trade deals, and sifting through thousands of EU regulations, including those that protect data privacy. For now, the UK remains a member of the European Union, with all the rights and obligations that derive from it.
The UK regulator, the Information Commissioner’s Office (ICO), hasn’t given us concrete guidelines on what we all need to do when it comes to data protection, but they did release this statement after the Brexit vote saying, “If the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’—in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.”
The ICO also stated that while data protection laws in Britain will not change right away, any new laws introduced by the EU would not apply to England, Scotland, Northern Ireland, and Wales if the UK leaves before they come into effect.
Once the UK is officially no longer a member of the EU, the UK Data Privacy Act of 1998 will likely govern data protection. But many people are speculating that the law will be updated to reflect the GDPR and be “adequate” under it.
So what’s the best thing for security professionals around the globe to do? For now, you can Keep Calm and Carry On by ensuring that:
- Your organization has a data protection framework in place.
- The framework meets, or is aiming to meet, the standards set out in the GDPR.
By doing this, your company will be in a position to move data more freely within the UK and EU member states if the UK decides to update its own regulations to meet the GDPR.
About Dennis Dayman
Dennis Dayman has more than 20 years of experience combating spam, security/privacy issues, and data governance issues, and improving email delivery through industry policy, ISP relations and technical solutions. As Return Path’s chief privacy and security officer, Dayman leverages his experience and key relationships to provide best practices to Return Path and its customers, and to ensure the compliance of their communications data flows. He is also responsible for coordinating and managing Return Path’s international electronic commerce, privacy and Internet-related policy issues.