The GDPR Effect On Brexit
It is not yet clear how the UK's vote to leave the European Union will impact data processing and sharing across Europe. Businesses will need to anticipate possible new barriers to data sharing whilst at the same time working to encourage pragmatic solutions.
However, Brexit should not distract businesses from preparing for implementation of the EU General Data Protection Regulation in 2018. Reforms are coming with or without Brexit.
In practice, however, it is unlikely that Brexit will be significantly disruptive from a data protection perspective.
The UK's future data protection regime will to some extent depend on the nature of the UK's wider future relationship with the EU.
If the UK joined the EEA it would be obliged by agreement with the EU to pass a new law effectively implementing the GDPR in the UK. In that case, therefore, the impact of Brexit on UK data protection regulation would be minimal.
Any other post-Brexit arrangement would be likely to involve some agreement between the UK and the EU. This may or may not involve commitments from the UK regarding its data protection regime, clearly, however, those commitments would not require a higher standard of data protection than the GDPR.
Subject to any data protection commitments that the UK might make to the EU, the UK would, in theory, be free to regulate data protection post-Brexit as it saw fit.
This freedom would, however, be more theoretical than real. The GDPR, like the DP Directive, will impose tight restrictions on transfers of personal data from the EU and EEA to other countries which do not ensure an "adequate" level of protection for personal data.
The European Commission, with the EU Court of Justice looking over its shoulder, will need to decide whether the UK's new regime ensures an adequate level of protection.
A decision that the UK did not provide an adequate level of protection would be disruptive, putting the UK in the same category as non-EEA countries, such as the US, China and India, and requiring burdensome administrative steps to be taken to allow data sharing between the EU and the UK to continue.
In practice, therefore, the UK is likely to adopt a GDPR-like level of data protection, so as to ensure that EU and UK businesses can continue to share personal data.
You Might Also Read:
EU’s New Data Rules Are 1 Year Away:
EU / US Privacy Shield Affects Your Organisation: