There is a lot of nonsense talked at the moment about UK businesses not having to worry about changes to European data protection law on the basis that the UK might exit the European Union (the so called BREXIT).
In my view any company that is waiting until after the BREXIT vote is misguided. Whatever happens with the vote it is likely that the UK would have to follow the GDPR. The bar could be set higher not lower than GDPR since the UK would likely want to be able to reassure the European Union that its data protection laws were adequate.
The UK would apply for its data protection laws to be seen as adequate, in a similar way to the adequacy decision the European Commission made in favour of Canada in 2010. The UK could also ask for a closer association and join the EEA and/or ask for a seat still as an observer at WP29 meetings. It can be expected that any adequacy assessment would reflect the new GDPR regime and not the existing EU Directive. It is likely then that BREXIT would not help make data protection law easier. In fact BREXIT could make things a little more difficult since if one stop shop does work within the EU as envisioned by GDPR (and the jury is still out on that as we explained in our FAQs) it would be a two stop shop for anyone in the UK.
Any company holding on is delaying the inevitable and reducing the time it has to comply.
We will be following the affects of BREXIT on compliance in a series of blogs between now and June.
BREXIT could have an effect in a whole range of compliance areas including:
- Chemicals regulation
- RAPEX and product recall
- Cyber security
- Conflict minerals and transparency
If you would like us to cover any of those topics in future alerts just let us know.
Jonathan Armstrong is a Lawyer with Cordery in London where his focus is on compliance issues.
Jonathan Armstrong, Cordery, Lexis House, 30 Farringdon Street, London, EC4A 4HH
Office: +44 (0)207 075 1784