The last 10 days have seen massive political and economic convulsions in the UK, with the situation unlikely to settle down any time soon. But there’s one thing that is clear: the European Union’s tough new General Data Protection Regulation (GDPR) is still coming into force in May 2018, and UK organisations should still be making plans to deal with it.
Brexit and EU data protection
It’s unlikely the GDPR featured on the radar of many (if any) people campaigning ahead of the EU Referendum, let alone the many millions of people who voted. Yet it’s an issue that affects us all. And these new regulations, the biggest change in data protection laws for decades, will still have wide-ranging impacts for mid-sized and large enterprises in the UK who will still need to operate under GDPR or GDPR-like provisions. This is partly because the new rules and penalties are as much a long-overdue response to the modern era as they are straightforward regulation. We live in an age where data is now a fundamental aspect of business and government, in which cloud-based solutions and services are the norm, where Big Data can be harnessed, and more personal data on customers and employees is being captured, processed and stored than at any other time in history. While years of negotiation between the UK and EU across multiple issues are likely to lie ahead, UK businesses will still need to adhere to the GDPR because, if they don’t, their EU partners, suppliers or customers simply won’t take them seriously, and could well close the door on them. Whatever access to the single market the UK ends up negotiating, GDPR compliance will almost certainly be some kind of legal requirement. It’s the way of the world.
Last week, an EMEA director at Unisys, commenting on the GDPR, said “There are those that contend that Brexit will be the death of regulation… But if the UK wishes to keep doing business with EU member states, it will need to comply with these regulations, only without the ability to negotiate or challenge them.” And immediately after the vote, a senior VP of EMEA operations at a leading network monitoring and IT management company was quoted as saying the UK “will still need to adhere to suitable data protection measures in order to transfer data to and from the EU. So in many regards, the requirements of the GDPR will still apply and it is back to the business of preparing for it.” My advice is that when it comes to your own business, data protection and the GDPR, don’t assume you’re off the hook. It’s still coming your way. Plan ahead.