You may have heard about the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018. However, do you understand what its implications are before and after Brexit?
It is vital that any businesses or organisations based in the UK understand what those implications are, as non-compliance with the GDPR can lead to serious consequences, including fines of up to 20 million euros or 4% of annual turnover, whichever is higher.
What does the GDPR mean for the UK in the interim?
There will be a period, following the introduction of the GDPR, when the UK is still part of the EU. During that period, people in the UK will also be residing in the EU, and will be subject to the protection that the GDPR affords individuals who live in an EU state. As a result, all businesses and organisations in the UK that are involved with processing the data of people who live in the country will need to comply with the GDPR.
What about following Brexit?
There is currently a Data Protection Bill going through Parliament in the UK which deals with the protections afforded by the GDPR. Once this bill has gone through Parliament, it will be law. Whether this law will still apply to UK citizens following Brexit, or whether the law will be changed, remains uncertain. What is certain, however, is that UK-based businesses and organisations will still need to comply with the GDPR following Brexit if they process the personal data of people who live within the EU.
This is because the GDPR is a global concern. Any business or organisation must comply if it is involved with the processing of the personal data of people who reside within the EU, no matter where in the world it’s based.