The General Data Protection Regulation (GDPR) is a policy from the European Union that was first put forward in January 2012 to replace the UK Data Protection Act 1998. According to previous government announcements, GDPR was due to come into force on 25 May 2018, at which point UK businesses would have been subject to significant penalties and fines if they failed to comply. However, Britain’s vote to leave the European Union has lead to a common assumption that these regulations will no longer be relevant to the UK.
A Place for GDPR in UK Business
Despite this speculation, questions over GDPR’s relevance to British businesses have been rejected by the Information Commissioner’s Office (ICO). Speaking at the Privacy, Laws and Business conference, Baroness Neville-Rolfe suggested that only the specific details of the regulations are likely to require altering, while the societal demands on which the policy is based are likely to remain intact.
According to the ICO, one of the main reasons the GDPR will remain relevant to the UK is the large number of British companies still trading with and seeking data from EU countries. Although it’s unlikely the GDPR will be enforced in the UK if Britain leaves the EU, the ICO argues that the new laws apply to both businesses and data sourced in the EU. This means that any British company processing the personally identifiable information (PII) of EU citizens will be required to meet GDPR standards or risk penalties.
Future Trading Regulations
The ICO has also noted the significance of the GDPR policy on any UK businesses that trade with countries within the EU, suggesting they would have to meet equivalent data protection standards to do so. An ICO spokesperson added: “With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations and to consumers and citizens.”
In light of this information, DMA chief executive Chris Combernale suggested that businesses should continue with plans to update their data protection processes to ensure they’re only collecting fully compliant data that meets GDPR standards. In fact, Mr Combernale argues that the UK’s decision to leave the EU should not dissuade companies from urgently updating their data collection procedures in time for the original 2018 deadline. “The UK will be looking to enter into a trading relationship of some kind with the EU and so our data protection law will need to be broadly equivalent to the GDPR,” he said.
Seawave Data Compliance
Here at Seawave Media we pride ourselves on remaining in line with any data protection laws that could affect our clients, including the upcoming changes to GDPR. We have the processes in place to ensure our procedures are quickly updated according to any relevant changes in regulation, so you can be sure we’re providing fully compliant data that meets both UK and EU requirements.