GDPR, BREXIT and the future of data processing
November 26, 2019
GDPR regulations have changed how businesses within Europe handle and process data. However, the UK’s decision to leave the EU has no doubt created some confusion as to where we stand with regard to GDPR regulations. This article aims to explain how the UK’s future without the EU will continue to be shaped by GDPR regulations and how data protection works in the meantime while we negotiate a deal.
The UK voted to leave the EU in 2016 and Article 50 was triggered in 2017. The GDPR regulations were actioned before the legal consequences of the Brexit vote, meaning the UK still has to comply. Furthermore, the EU Withdrawal Act means that the UK is still required to implement GDPR into law.
About Brexit and Data Protection Act 2018
In 2017, the UK government put forward a new data protection act which received Royal Assent in 2018. This new act aimed to replicate much of GDPR’s regulations within UK law, while also adding additional aspects that were not covered by the EU law.
Similar to GDPR, this new act sets out sanctions for any organisations that fail to comply with the regulations. This allows the Information Commissioner’s Office to issue fines of up to £17 million or 4% of global turnover – whichever figure is higher.
The act also includes the right to be forgotten, giving subjects the power to demand social media companies erase posts they made during childhood. It also proposes that current data protection regulations are modernised to expand the definition of personal data, including IP addresses, internet cookies and DNA.
With these regulations, the UK hopes to build a data protection mechanism that goes beyond the model offered by the EU. The hope is that the EU will view the UK as a safe place for its data and grant us an adequacy agreement that permits the free flow of personal data between the UK and the EU. Bringing EU law into UK law will better prepare us for a future without the EU and ensure that data continues to flow between the UK, EU and other countries around the world.
How data transfer will work after Brexit
The negotiation of an adequacy agreement between the UK and EU can only happen after the UK leaves. Current indicators seem to show that the adequacy agreement will probably be signed. However, until that happens, the data transfer process is not that simple. Due to the European Withdrawal Act, the EU’s GDPR regulations have to be signed into UK domestic law (which they have been). Yet without an adequacy agreement currently in place, UK businesses will need to find alternative legal mechanisms to allow them to receive data from the EU and be compliant with GDPR. At the moment, many businesses are relying on contractual clauses to make sure data protection is included in their deals with other organisations. This ensures they are complying with GDPR while we wait for a national agreement to be put in place.
What is the future of GDPR after Brexit?
The hard truth of the matter is that after Brexit, the UK will be unable to contribute to any further developments in EU data protection laws. This is especially ironic considering the fact that the UK was one of its chief initial authors. When it comes to UK business, many experts believe it would have been very advantageous for the UK to have a seat at the table with the EU data protection authorities.
However, we were aware that the decision to leave would come with consequences. One such consequence is that the UK will be a less influential regulator of data, lacking a say in how GDPR regulations evolve, how they will apply to growing technology such as AI, or how big tech corporations are regulated.
The world of information and data can be difficult to navigate – especially for a business. As technology grows, data protection laws evolve and agreements are eventually made, businesses’ relationship with data will continue to change. CyberSmart makes it easier for businesses to keep up with these changes, offering software that helps you meet government protection standards, including IASME-certified Cyber Essentials and Cyber Essentials Plus schemes.
Protect your business and your customers by exploring CyberSmart’s range of cyber certification and compliance products.