In the immediate aftermath of the June vote for Britain to leave the European Union we discussed the likely effects that Brexit could have on data protection law in the United Kingdom (If you would like to read these click here). At the time we could only rely on speculation given the lack of certainty that the decision created. However in the months following the decision new information has been made available, despite the secretive approach of the British government, which has allowed us to gain a clearer understanding of the situation. And most, if not all, of this information is pointing to the implementation of the GDPR which in turn means that businesses cannot delay compliance thanks to the Brexit decision.
Perhaps the most significant change that has happened in the five months since Brexit occurred is that we have now had statements from key figures involved in UK Data Protection law as to the situation with the GDPR and Brexit. Chief amongst these are the comments made by the Secretary of State for Culture, Media and Sport, Karen Bradley, who also presides over the Information commissioner’s office. Speaking before the Culture, Media and Sports Select Committee she said,
“We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public.”
A week later these comments were followed up by the Information Commissioner, Elizabeth Denham, who capped off a string of statements from the Information Commissioner’s office (most of which, such as those found here, made similar conclusions to our earlier blog post about the need to comply anyway) in recent months affirming the implementation of the GDPR with an endorsement of her own. In a blog post on the ICO website entitled “How the ICO will be supporting the implementation of the GDPR”, Denham pledged that the ICO, “is committed to assisting businesses and public bodies to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond” and will be, “working with government to stay at the centre of these conversations about the long term future of UK data protection law.”
The role of parliament and the recent court case
It is also important to remember that the recent decision in the High Court that Parliament needed to scrutinise any Brexit deal and the impending Supreme Court case which may cast even more uncertainty on the process both will further delay the triggering of Article 50. This means that we could remain a member of the EU for longer than anticipated and be subject to the GDPR anyway for a period of time.
If you have any more questions regarding compliance with the upcoming GDPR, and if you would like to discuss this in more detail or seek advice, please don’t hesitate to get in touch with us at Data Protection People.
By Liam Fitzpatrick