On 7 August 2017 the UK Government committed to a new Data Protection Bill that will bring the UK’s laws into line with the EU’s General Data Protection Regulation, which comes into effect in May 2018.
So finally (you can hear my audible sigh of relief), a couple of weeks ago, we received absolute clarity on what data protection will look like in the UK post-Brexit. If you’re based in the UK and have not yet read the Department for Digital, Culture Media & Sport statement of intent, please do so! Here is the link. It removes any uncertainty about what the data protection law will be post-Brexit.
It’s not such groundbreaking news because since the GDPR will come into effect before Brexit is finalised, all UK companies already have a legal obligation to comply from May next year. But let’s be honest, as a result of the GDPR’s extraterritoriality clauses, UK companies with European data subjects have to comply or stop doing business in Europe.
Until the statement of intent was released, many UK companies were adopting a wait and see approach. This statement makes it clear that companies can no longer wait. They need to take action and prepare for the new data protection regulation.
UK Digital Minister Matt Hancock made it clear that the UK was serious about data protection when he said, “The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”
The government aims to make the UK one of the best places in the world to start and run a digital business and the safest place in the world to be online. The government is committed to a data protection framework that facilitates data flowing across borders and sees it as vital to the UK’s interests.
By committing to the adoption of what is becoming the gold standard in data protection law, the UK is enabling its businesses to develop innovative digital services across international borders with confidence.
If you’ve not yet started your GDPR compliance journey, now is the time.
I encourage you to take a look at GDPR365. We’ve developed a tool that will mitigate non-compliance risks and provide you with the roadmap you need to begin your compliance journey.