Implications of Brexit on Data Protection

You will probably have noticed a trend when reading or talking about what Brexit is likely to bring that nobody knows, to any degree of certainty, what Brexit will entail. However, plenty of interested stakeholders have been weighing in with opinions in an attempt to influence the debate to their advantage. The Information Commissioner's Office has now set out its position regarding data protection laws.

The new Information Commissioner, Elizabeth Denham, told the BBC that she believes the UK should adopt the General Data Protection Regulation (GDPR) regardless of the form which Brexit might take. The GDPR is an EU regulation which is due to take effect in May 2018. It seeks to strengthen data protection for individuals within the EU as well as addressing the export of personal data outside the EU. The UK played an important role in the creation and content of the GDPR.

The effective date of May 2018 means that if Brexit has not happened by that date (which it almost certainly will not) the UK will be required to abide by the GDPR at least until Brexit occurs. Denham's stance on the GDPR stems from the fact that if the UK wants to continue to do business with Europe it will need to comply with EU data protection laws to do so, as the EU requires that for personal data to be shared with an external state the data protection laws in that state must be have at least equivalent data protection laws to those of the EU.

Denham is also concerned about the effect that a constantly changing regulatory environment in relation to data protection could have on the UK; something that may occur if the UK abides by the GDPR for a time from May 2018 until Brexit and then abandons the GDPR and replaces it with something different. Denham stated to the BBC that 'I don't think that Brexit should mean Brexit when it comes to standards of data protection'.

Like all other aspects of Brexit we currently have little idea of what shape the UK's data protection laws will take post-Brexit. It would seem sensible for the UK to transpose the GDPR into domestic legislation to ensure data protection laws do not hinder whatever new trading relationship is agreed with the EU. In this regard the Information Commissioner's opinion is to be welcomed if it helps to influence the debate.

If you have any questions on the above please do not hesitate to contact the team at McDaniel & Co. on 0191 281 4000 or legal@mcdanielslaw.com.