Trying to remain neutral whilst describing British politics in the last 12 months leaves me with only one viable adjective: eventful. Though the initial Brexit announcement may feel like it happened in the 1800’s it was just 12 months ago. In fact, this week marks the first anniversary of the UK’s vote to leave the EU. What does a post-Brexit Britain look like for business? That’s anyone’s guess, and you’re best not to bring it up at the dinner table.
To further complicate things, we’re also watching the GDPR approaching over the horizon, bringing with it a set of tighter European cybersecurity legislation and your business will have to follow, and bigger fines if it doesn’t follow them.
I wouldn’t blame you for thinking that the GDPR and Brexit were linked in some way. I did; talk of Brexit and the GDPR appeared at roughly the same time. They both seem pretty complicated and they both have something-or-other to do with the European Union. But they are not linked, which means that leaving the EU won’t have an immediate effect on GDPR regulation, and it will likely be the framework of our own Brexit-flavour data protection laws for the next few years.
Will Brexit make the GDPR invalid?
The short answer is no. The GDPR comes into effect for EU nations from 25th May 2018. The UK is set to go full Brexit on 29th March 2019. Let’s do the maths: that means there’s at least a year of GDPR compliance to prepare for, whether we leave the EU or somehow brush Article 50 under the rug, whistling inconspicuously, and pretending this never happened.
Even though the divorce looks final we can’t exactly move out. We’re still going to have to live with our European exes because it’s pretty hard to up sticks and walk this island over to the Caribbean sea (where else?!). As our closest neighbouring countries, it’s no surprise that there’s lots of trade being done across the channel and further into the EU.
What is the GDPR?
It stands for the General Data Protection Regulation, and it’s the European Union’s new, more stringent legislation to better protect EU resident’s personal data.
I’m still going to steer clear of the wider post-Brexit trade discussion, and simply focus on GDPR.
Post-Brexit, GDPR regulations still apply to all nations handling data from within the EU. So, if you’re a British online shop shipping fidget spinners to Spain, France Italy etc., you’ll have to protect those customer’s data to a GDPR standard.
Matt Hancock is the UK Government Minister responsible for data protection and during an EU Home Affairs Sub-Committee said that the post-Brexit plan is to mirror the GDPR as closely as possible to maintain the harmony and avoid making Brexit turbulence worse than it need be.
In the long term, this could change because we’ll be in charge of our own data protection rules Matt Hancock told the committee. He said: “Once we’ve left, there’s a corollary with our relationship with other major economies, the US being the best example. If the US changes it data rules now, the EU (and in future us and the EU) will have to think about if we change ours.”
The EU already has a non-GDPR agreement with the US for sharing data, and whilst we currently share data with the US via the EU, post-Brexit we’ll have to make a similar custom agreement with the Americans too, which might mean that our GDPR-clone starts to evolve separately.
So GDPR is still happening?
The short answer is yes. We’re bound by the official GDPR before we are scheduled to leave the EU, and will likely mirror GDPR and GDPR updates to ensure continued data-sharing with the rest of the EU post-Brexit.