By Austen Clark
With the clock ticking down until Brexit finally becomes a reality, there remain much confusion, puzzlement and mixed messages about what life will be like in the UK after we quit Europe.
I have no crystal ball to predict what impact Brexit will have on the nation – but I can safely say that the EU’s General Data Protection Regulation (GDPR) directive has helped organisations take a serious look at how they handle personal data, and to act accordingly.
That is no bad thing. The UK’s withdrawal from the European Union isn’t going to change the need for high principles when it comes to handling people’s personal data.
At the time of writing, I don’t know what – if any – kind of deal the UK is going to leave Europe with come March 29. With so much discussion and debate over Brexit, it’s hardly surprising the question of whether UK organisations will remain under the jurisdiction of GDPR has again raised its head.
Before GDPR came into effect, on 25th May last year, there was a degree of uncertainty in some quarters over whether UK businesses would need to comply given the ongoing negotiations on Brexit.
Some business commentators speculated that given the UK had initiated Brexit, GDPR compliance would not be required.
Back then the Queen’s Speech made it clear that the UK would be adopting all of the GDPR requirements, further committing to the UK remaining “world class” in terms of its data protection regime.
So GDPR is very relevant. The UK is severing its links from the EU’s legal framework, but it continues to stand by GDPR in the meantime. Brexit is no ‘get out clause’; UK companies that wish to continue to do business with the EU after Brexit will need to comply with the Regulation to avoid infringements.
Think of what I call the ‘wider reach’ of GDPR. Organisations quite rightly want to continue trading with as little disruption as possible and those that are GDPR-compliant can show they have the correct measures in place to protect their customers’ personal data and have the adequate level of protection required.
We may live on an island, but the global economy means that commerce stretches beyond shores and borders. Organisations all over the world have EU citizens as customers and they need to regard their legal obligations in order not to flout the regulation.
So the EU’s GDPR will continue to apply to UK companies that collect or process data relating to EU residents post-Brexit. GDPR has been a good thing, bringing in tighter data protection procedures and charting the way towards a stronger regime.
UK businesses with EU clients will continue to have a responsibility to have stringent rules on personal data – and complying with GDPR has put them in that position. So whether it is GDPR or a similar law that follows, the need to protect personal data will remain.
Remember, the plus points of GDPR are many – better-defined data subjects’ rights, the ability to exercise more control over how, when and why their personal data is being used, and the opportunities to file complaints when necessary with pre-defined authorities or employees of the companies.
Deal or no deal, there will be no immediate change in the UK’s data protection standards – The Data Protection Act of 2018 is still in place, and the EU Withdrawal Act would incorporate the GDPR alongside it.
What is more, businesses that are already GDPR compliant can evidence that they have relevant measures in place to protect customer data.
The ICO has published guidance and practical tools to help organisations understand the implications and to help plan ahead for life after Brexit.
It can be viewed here:
For those who may still be in doubt, my advice is to refer to your IT services trainer and provider.
Clark Integrated Technologies has helped organisations become GDPR compliant. To find out more, visit www.clark-it.com