Are you wondering – or even hoping – that Brexit means the UK will abandon GDPR and relax its Data Protection laws? We don’t think so, and in the time it takes to scoff a scone we’ll tell you why.
This is the third in our series on Brexit. You can watch the accompanying video and our first two videos Did Brexit Kill GDPR and Brexit: Top 4 Impacts on your GDPR Program – which are part of Privacy Kitchen, FREE video help with GDPR and all things Privacy. If you’re new to Privacy Kitchen, please do check it out here – and click subscribe and notify to hear about awesome Privacy Kitchen videos.
So – will the UK abandon the GDPR, or at least GDPR- style laws, after Brexit?
Yes, after 1 January 2021, the UK could choose to move away from a GDPR style law. We think it’s very unlikely, and here are four reasons why.
First – the UK’s long been signatory to international conventions and treaties, including the Council of Europe’s Convention 108 from 1981 which is legally binding and requires implementation of laws based on similar principles.
As a result, we’ve had general Data Protection laws now since 1984 and the 1998 Act was in place for two decades.
Second, the EU GDPR has confirmed the global direction of travel for Data Protection laws and has influenced laws from California to Brazil to India. It’s hard to see that reversing.
Third, the UK wants to receive an adequacy decision from Europe, allowing for easy transfer of personal data from the EEA to the UK after the end of 2020, as our trade with the EEA and the related exchange of personal data is a major part of our economy.
And fourth, unless there’s a new deal, under the Withdrawal Agreement, the EU GDPR will continue to apply, in effect, to personal data transferred to the UK from other parts of the EEA before the end of 2020. It’s called ‘stock data’ by the government. We call it EEA Legacy Data, as we think it’s a bit clearer.
Now, we can’t see the UK government wanting to have essentially the EU GDPR applying in the UK for another day, so both sides will really try for that adequacy decision. And the EU GDPR essentially comes back for that EEA Legacy Data if the UK loses that adequacy decision in future.
So you can see there is a lot of impetus anyway to stay close to the EU GDPR in UK law, as well as the UK being signatory to a legally binding convention that has a requirement for similar principles-based laws to be put in place.
But what do you think?
Use #privacykitchen to tell us your thoughts, join in the conversation, use it to tell us the topics and questions you want covered.
Stay well in the meantime, and we’ll see you soon in Privacy Kitchen!
Struggling to decide if you need a Data Protection Officer? You’re not alone – and many organisations have made the wrong decision, putting employees under conflict and signposting they don’t…
If someone says to you: ‘OK, we’ll get you GDPR compliant, we need to start you off with 27001‘ or they say ‘ISO 27001 is the standard for, or the…