We published an article last week that set out our view that the The General Data Protection Regulation (“GDPR”) which will come into force on 25 May 2018 would survive the United Kingdom’s exit from and new partnership with the European Union (“Brexit”). Our general advice was that organisations should continue their preparations for the GDPR.
The Government’s White Paper on Brexit released today (2 February 2017) gives a strong indication that this will be the case.
The EU data protection framework is specifically mentioned, at paragraph 8.38 of the White Paper, as an example of legislation, facilitating stable data transfer, that maintains “a positive environment for businesses, investors and consumers”.
The White Paper states the UK Government’s intention to ensure that data protection standards in the UK are “essentially equivalent” (paragraph 8.39 recognises the importance of this doctrine) to those in the EU.
At paragraph 8.40, the White Paper states,
“As we leave the EU, we will seek to maintain the stability of data transfer between EU member states and the UK”
Some commentators may say that this indicates that the GDPR will not be implemented in full; that “essentially equivalent” does not mean “the same”. We agree that the White Paper is certainly open to this interpretation. It’s a very broad document and the EU data protection framework is referred to only in passing as an example of “cross-cutting regulations” .
However, the GDPR is likely to be effective as UK law before Brexit actually occurs. Our view remains that when the GDPR ceases to have direct effect as law in the UK on Brexit, any subsequent UK legislation (that preserves data transfers between the EU and UK) is likely to be substantially similar, “essentially equivalent” if not the same as the GDPR.
Brexit should not be used as an excuse to stop GDPR preparations.
Garfield Smith – Technology and Data Lawyers is a UK law firm that advises its clients (that include cutting-edge technology start-ups to FTSE 100 and Forbes 500 companies, charities and government bodies) on the legal and regulatory issues that arise when those clients develop, scale, protect, exploit and procure technology.
We work across a broad range of sectors from automobile and advertising and marketing to FMCG and financial services. A significant part of our work is advising clients on issues arising from the use of personal data or PII.
If you need legal advice involving technology, data, communications or content, we can help you.
Tel: +44 (0) 207 873 2361