UK ‘will implement EU data protection laws in spite of Brexit’
The UK will implement the EU General Data Protection Regulation (GDPR) in spite of Brexit, according to a specialist London firm.
The new regulation, which enters force on 25 May 2018, introduces major changes throughout the EU around the appointment of data protection officers, risk assessments, and the notification of authorities where a data breach has been detected.
It also provides for heavy penalties for companies that are in breach of the regulation, including fines of up to 4 per cent of global turnover or €20 million (whichever is greater) in the case of non-compliance.
Eileen Weinert of media law specialist practice Wiggin told The Brief: “The GDPR will survive this bloody severance of the UK from the EU. Any business offering goods or services into the EU will need to comply with the GDPR.
“It has, in that sense, extraterritorial effect. Plus the concept of citizens of the EU being afforded privacy rights over their data has caught on. Will UK citizens be willing to give up those rights?”
She suggested the GDPR would remain, “much like vast swathes of EU law woven into the fabric of UK legislation over the last 40 years”.
The UK’s newly-installed information commissioner, Elizabeth Denham, has previously called for the UK to implement upcoming EU data protection laws in spite of the Brexit vote.
Ms Denham said: “I don’t think Brexit should mean Brexit when it comes to standards of data protection.”
Adrian O’Connell, partner and head of contracts and technology at Tughans, told Irish Legal News: “The question whether or not to adopt forthcoming EU data protection laws, highlights a dilemma for the UK that Brexit poses in a number of areas of regulated activity.
“The choice is between striking-out on its own to give the UK a competitive edge, and the uncertainty and cost to business, in the short-term at least, of creating a regime that divergences from that of the rest of the EU.”