4 Reasons UK won't abandon GDPR after Brexit

Why we think the UK will stick with GDPR after 2021

Are you wondering – or even hoping – that Brexit means the UK will abandon GDPR and relax its Data Protection laws?  We don’t think so, and in the time it takes to scoff a scone we’ll tell you why.

This is the third in our series on Brexit.   You can watch the accompanying video and our first two videos Did Brexit Kill GDPR and Brexit: Top 4 Impacts on your GDPR Program – which are part of Privacy Kitchen, FREE video help with GDPR and all things Privacy.  If you’re new to Privacy Kitchen, please do check it out here – and click subscribe and notify to hear about awesome Privacy Kitchen videos.

So – will the UK abandon the GDPR, or at least GDPR- style laws, after Brexit?

4 Reasons UK won’t abandon GDPR post-Brexit

Yes, after 1 January 2021, the UK could choose to move away from a GDPR style law.  We think it’s very unlikely, and here are four reasons why.

#1  International obligations

First – the UK’s long been signatory to international conventions and treaties, including the Council of Europe’s Convention 108 from 1981 which is legally binding and requires implementation of laws based on similar principles.

As a result, we’ve had general Data Protection laws now since 1984 and the 1998 Act was in place for two decades.

#2  International momentum

Second, the EU GDPR has confirmed the global direction of travel for Data Protection laws and has influenced laws from California to Brazil to India. It’s hard to see that reversing.

#3  EU adequacy decision

Third, the UK wants to receive an adequacy decision from Europe, allowing for easy transfer of personal data from the EEA to the UK after the end of 2020, as our trade with the EEA and the related exchange of personal data is a major part of our economy.

#4  EEA Legacy Data

And fourth, unless there’s a new deal, under the Withdrawal Agreement, the EU GDPR will continue to apply, in effect, to personal data transferred to the UK from other parts of the EEA before the end of 2020.  It’s called ‘stock data’ by the government.  We call it EEA Legacy Data, as we think it’s a bit clearer.

Now, we can’t see the UK government wanting to have essentially the EU GDPR applying in the UK for another day, so both sides will really try for that adequacy decision. And the EU GDPR essentially comes back for that EEA Legacy Data if the UK loses that adequacy decision in future.

So you can see there is a lot of impetus anyway to stay close to the EU GDPR in UK law, as well as the UK being signatory to a legally binding convention that has a requirement for similar principles-based laws to be put in place.

But what do you think?

Use #privacykitchen to tell us your thoughts, join in the conversation, use it to tell us the topics and questions you want covered.

Do look at our other Privacy Kitchen videos, on Brexit and other topics like Do I need a DPO? and Who can be DPO?  These are equally applicable under UK GDPR and EU GDPR.

Stay well in the meantime, and we’ll see you soon in Privacy Kitchen!