Law Lessons: Exploring The Effects Of GDPR Pre and Post Brexit

The UK government has confirmed that it will implement the European Union General Data Protection Regulation, notwithstanding the UK’s decision to leave the EU. This announcement confirms that UK businesses will need to become GDPR compliant by 25 May 2018.

On 24 October 2016, the Secretary of State for Culture, Media and Sport, Karen Bradley, gave oral evidence to a Select Committee affirming that the UK will implement the General Data Protection Regulation (GDPR).

The Secretary of State stated that the UK will still be an EU Member State in May 2018, when enforcement of the GDPR begins, and “therefore it would be expected and quite normal for [the UK government] to opt into the GDPR and then look later at how best … to help British business with data protection while maintaining high levels of protection for members of the public”.

Although the announcement sounds as though the UK is choosing to be subject to the GDPR, the legal reality is that the GDPR will automatically become binding in the UK on 25 May 2018.

The GDPR is the first major legislative change to European Data Protection law since Directive (95/46/EC), which was written in the mid-1990s. The GDPR affects almost all organisations doing business in the EU (even those located outside the EU), creates tighter limits on processing of personal data, and gives greater rights to individuals. Failure to comply with the GDPR risks a maximum penalty of the greater of €20 million or four percent of worldwide turnover.

White & Case has published a detailed GDPR Handbook, offering guidance on all of these issues.

What does the announcement mean for businesses?

There had been some uncertainty among UK businesses as to whether to invest resources in achieving GDPR compliance, given the lack of clarity around precisely what Brexit will look like.

However, following the announcement by the Secretary of State, it is now explicitly clear that the GDPR will have the force of law in the UK, from 25 May 2018 until at least the date on which Brexit takes effect. This means that UK businesses, like businesses in any other EU Member State, will need to be compliant with the GDPR by 25 May 2018, or face enforcement action.

Go to page 2 to find out what happens to GDPR after Brexit takes effect…

Page: 1 2

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Google Fiber Plans US Network Expansion – Report

Google Fiber resurfaces. Network to be expanded to offer speedy internet connectivity to cities in…

7 hours ago

Samsung Unveils Two New Folding Smartphones

Foldable updates from Samsung. include new versions of its pocket sized square (Galaxy Z Flip…

8 hours ago

Facebook At Centre Of US Teenager Home Abortion Case

Court documents show Facebook provided police in the US state of Nebraska with a teenager's…

11 hours ago

President Biden Signs $53 Billion US Chips Act

President Joe Biden signs landmark bill to encourage chip makers to build more semiconductor manufacturing…

12 hours ago

WhatsApp Update To Allow Users To Leave Groups Silently

Privacy changes to WhatsApp. No more blanket notifications to a group if a user decides…

14 hours ago