So you still think Brexit means escaping the GDPR?

By Phil Brining

Recent comments by the Secretary of State for Culture, Media and Sport and the Information Commissioner indicate that businesses cannot afford to delay complying with the GDPR.

In the immediate aftermath of the June vote for Britain to leave the European Union we discussed the likely effects that Brexit could have on data protection law in the United Kingdom (If you would like to read these click here).  At the time we could only rely on speculation given the lack of certainty that the decision created. However in the months following the decision new information has been made available, despite the secretive approach of the British government, which has allowed us to gain a clearer understanding of the situation. And most, if not all, of this information is pointing to the implementation of the GDPR which in turn means that businesses cannot delay compliance thanks to the Brexit decision.

New information

Perhaps the most significant change that has happened in the five months since Brexit occurred is that we have now had statements from key figures involved in UK Data Protection law as to the situation with the GDPR and Brexit. Chief amongst these are the comments made by the Secretary of State for Culture, Media and Sport, Karen Bradley, who also presides over the Information commissioner’s office. Speaking before the Culture, Media and Sports Select Committee she said,

“We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public.[1]

A week later these comments were followed up by the Information Commissioner, Elizabeth Denham, who capped off a string of statements from the Information Commissioner’s office (most of which, such as those found here[2], made similar conclusions to our earlier blog post about the need to comply anyway) in recent months affirming the implementation of the GDPR with an endorsement of her own. In a blog post on the ICO website entitled “How the ICO will be supporting the implementation of the GDPR[3]”, Denham pledged that the ICO, “is committed to assisting businesses and public bodies to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond” and will be, “working with government to stay at the centre of these conversations about the long term future of UK data protection law.”

The role of parliament and the recent court case

It is also important to remember that the recent decision in the High Court that Parliament needed to scrutinise any Brexit deal and the impending Supreme Court case which may cast even more uncertainty on the process both will further delay the triggering of Article 50. This means that we could remain a member of the EU for longer than anticipated and be subject to the GDPR anyway for a period of time.

If you have any more questions regarding compliance with the upcoming GDPR, and if you would like to discuss this in more detail or seek advice, please don’t hesitate to get in touch with us at Data Protection People.

 

By Liam Fitzpatrick

 

[1] http://data.parliament.uk/writtenevidence/committeeevidence.svc/evidencedocument/culture-media-and-sport-committee/responsibilities-of-the-secretary-of-state-for-culture-media-and-sport/oral/42119.html

[2] https://iconewsblog.wordpress.com/2016/07/07/gdpr-still-relevant-for-the-uk/

[3] https://iconewsblog.wordpress.com/2016/10/31/how-the-ico-will-be-supporting-the-implementation-of-the-gdpr/

Contact Us

Send us a Message









Data Protection Project
GDPR Gap Analysis/Audit/Review
Outsourced Privacy Officer/DPO
Support Desk
SAR Support
PCI DSS
ISO27001/27701
Cyber Maturity Assessment
NIS Regulations
Information Governance Documentation
DataWise System
Other

We are always happy to make contact with you by either phone, email or a face to face meeting at our office or yours. We work standard UK office hours – every week day 0830 to 1730.


IMPORTANT INFORMATION

We have been advising those people who have contacted us that they should make a complaint to the Information Commissioner’s Office (ICO) using this link https://ico.org.uk/make-a-complaint/nuisance-calls-and-messages/spam-texts-and-nuisance-calls/.  It would be helpful to the ICO if you knew the number that called you, the date and time of the call and what the call seemed to be about.

You might also want to register your phone number with the telephone preference service (TPS), a national suppression service which should cut down calls of this nature as it is not lawful to make unsolicited direct marketing calls to numbers registered on the TPS.  You can register your number here https://www.tpsonline.org.uk/register.

We know that these kind of calls can be distressing and intrusive and you have our sympathy.  Please do not hesitate to contact us if you would like to discuss it with us otherwise we’d encourage you to report it to the ICO as notifying them of this kind of practice enables them to investigate and take enforcement action where necessary.  You can see the action that has been taken by the ICO here https://ico.org.uk/action-weve-taken/enforcement/.

Data Protection People Limited – March 2021