Sunday, October 30, 2016
UK Will Follow EU DP Rules, But For How Long?
With the EU’s General Data Protection Regulation (GDPR) coming into effect in May 2018, and the UK’s exit from the EU not occurring until the following summer if the timetable announced by PM Theresa May on October 2 holds, there is a growing consensus that the GDPR will be both legally and operationally implemented in the UK at least through the time Brexit takes effect. According to Elizabeth Denham, the former Information and Privacy Commissioner for British Columbia and new UK Information Commissioner, the UK is going to want to continue to do business with Europe, which will require its data protection law to be equivalent, leading her to state that “I don’t think Brexit should mean Brexit when it comes to standards of data protection.” Whether PM May agrees with this outspoken position is unclear, since the outlines of her proposed Great Repeal Bill allow for continued post-Brexit adoption of EU law but with a provision for Parliament to amend or cancel any legislation so enacted. Would Parliament want to chip away at the GDPR with the risk of cutting off the free flow of information with the EU and damaging the UK economy? Will this provision of the Great Repeal Bill be enacted or modified? Only time will tell. From a regulatory point of view, what is clear is that UK companies need to be gearing up to the stricter requirements of the GDPR.