Brexit or not, you can't hide from the GDPR


According to the worrying story below, nearly a quarter of UK businesses have given up preparing for the General Data Protection Regulation (GDPR) in the mistaken belief that it's no longer relevant to the UK. And 44% think it won't apply to them after Brexit. 

The GDPR comes into force in May 2018, well before the UK's proposed exit from the EU.  

The GDPR is an EU Regulation, which means it's not directly implemented into national law in the way the 1995 EU Directive was transposed (as the UK's Data Protection Act 1998). However, the British Government's plan is to convert all EU Regulations into national law when we leave and then, over time, look at whether certain provisions should be repealed. 

The GDPR is unlikely to be one of the pieces of legislation which is later repealed because it applies to everyone doing business with UK citizens, whether or not their business is based in the EU. It's therefore essential that we keep it, if UK plc is going to retain access to that market. 

However, the interesting bit is whether the UK will follow future decisions of the Court of Justice of the EU on the application of GDPR. If not, we could, over time, see some divergence in approach with the rest of Europe. But the fundamentals are likely to remain. Including the potential for enormous financial penalties for non-compliance.  

Quote mark icon

44% of respondents think that the incoming regulation will not apply to their UK business after Brexit.