
The future of GDPR post Brexit is now clear.

The General Data Protection Regulation (GDPR) will come into effect on May 25th 2018; however, most of us are less clear on the future of GDPR post Brexit.

UK Digital Minister plots course for GDPR post Brexit

What has been less publicised is how GDPR will be integrated into UK statute as part of the process of unravelling the UK from the European Union legal system post Brexit.

The Government's stance has been that this will be accomplished by mirroring existing EU legislation in British statute.

UK legislation is intended to mirror GDPR

Hence the importance of Tuesday's announcement by the UK Digital Minister, Matt Hancock, that the UK Government intends to adhere closely to the EU GDPR post Brexit, so that the UK complies fully with the European legislation. The UK's arrangement is all about providing a smooth transition between the EU GDPR and Data Protection Regulation for the UK.

“Hancock repeatedly emphasised that unhindered data flows between the UK and EU – including law enforcement and medical research data – is a key goal that the UK government will pursue in the Brexit negotiation process”.

“He said GDPR would be implemented in full because it is a “decent piece of legislation” due to “significant” UK negotiating successes during its development and because it will help ensure the UK is starting from a position of “harmonisation” rather than a position of difference in Brexit negotiations.”

The UK vision for GDPR may diverge from the EU over time

In line with the doctrine of the UK being able to define its own legal structures outside of the EU post Brexit, while presumably maintaining strict adherence to GDPR, is the assertion that post Brexit the UK DPR legislation may differ in certain respects from the EU GDPR.

An example of this that is presently exercising privacy campaigners is that privacy groups in the UK will not be able to take up independent data protection complaints on behalf of consumers, as the UK's proposal currently does not take up this option available under EU law.

This highlights the importance of the role of Data Protection Officer within companies, and of course we at Tamite Secure IT can take on that role or assist your internal DPO to keep your GDPR policy current as it evolves.

What does GDPR mean to me?

Under GDPR, organisations will have greater obligations regarding how much data they can hold, how it is used, and the level of security they are expected to apply to adequately protect the data they hold that relates to you and me.

Companies who fail to comply with GDPR will be fined, and the level of fines is such that they have a financial imperative to comply.

Anyone who witnessed the adverse effects of the cyber breach at TalkTalk will recognise that these days the adverse publicity around data breaches provides a very clear business imperative for companies who hold customers' personal data to keep it secure.

Time to embrace GDPR

Companies that actively embrace GDPR have found it can provide a competitive advantage. We have seen evidence of companies actively promoting their GDPR / ethical credentials; as a company, it demonstrates you actively care for your customers.

Most of us who work within businesses understand that they rely on keeping personal data to stay in regular contact and for marketing purposes.

GDPR will ensure that this privilege is not being abused.

From a personal point of view I applaud the aims of the legislation. Organisations need to understand the need for controls over the personal identifying data they often gather as a matter of course during business, with little thought to the potential pitfalls.

The gathering of such information comes with obligations that are now to be recognised in law. Failure to provide adequate safeguards has been demonstrably disastrous, and it can have far-reaching implications for all concerned.

So from May 2018 customers should be asking themselves: why would I, as an individual, want to deal with a company that doesn't value me as a customer enough to wish to comply with GDPR?

In fact, when you decide on your next purchase, who will provide you with your energy, or which holiday company or airline you will make travel plans with, you may wish to ensure they actively comply with the General Data Protection Regulation.