Any hopes that the European referendum result will mean UK firms will no longer have to change their practices to conform to the EU General Data Protection Regulation if they only trade in the UK have been quashed by the Information Commissioner’s Office.
While Brexit means that GDPR will no longer be adopted into UK law, the ICO maintains that it will still be seeking to bring in equivalent measures by May 2018.
In a statement, the ICO said: “The Data Protection Act remains the law of the land irrespective of the referendum result.
“If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK. But if the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.
“With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations and to consumers and citizens. The ICO’s role has always involved working closely with regulators in other countries, and that would continue to be the case.
“Having clear laws with safeguards in place is more important than ever given the growing digital economy, and we will be speaking to government to present our view that reform of the UK law remains necessary.”
Tech chiefs as clueless as ever about EU data laws
Third of businesses still feel unprepared for GDPR
7,000 data protection officers needed for UK firms
Marketers clueless about Brexit impact on data laws
Data compensation claims ‘could run into millions’
EU sets May 25 2018 as GDPR implementation date
Industry on alert as EU reviews online privacy laws
EU waves white flag over data protection officers