There has been much speculation around the status of the General Data Protection Regulation (GDPR) in a post-Brexit UK. Inevitably, the obligations imposed upon us by the European Union will fall away when the UK officially leaves the EU in 2018, including those surrounding data. That is, of course, unless domestic legislation is adopted to retain them.
Now, no one in the data industry would suggest that GDPR is anything short of a great step forward for data protection, both in the UK and across Europe. The market is in dire need of a shake up to wean out the cowboys and enable us to build back consumer trust in the industry.
Our current Data Protection Act is both inadequate and irrelevant, and without the EU-imposed Privacy & Electronic Communications Regulations (PECR) to accompany it, we’d be essentially lawless. All things considered, it would be common sense to adopt EU data law in the UK. But perhaps now is a chance to take things one step further and set an example for the rest of the world.
As much as it is a step in the right direction, GDPR by its very nature works to the lowest common denominator and is designed to reach a capability achievable by the least competent member state. Regarding ourselves as one of the most able member states, surely we should be able to create something a bit more robust?
I’m not suggesting we move too far away from GDPR but let’s at least consider the nuances of data use in Britain and how best we can serve these with the most effective legislation. The impending Brexit gives us the opportunity to create new laws that can work in everyone’s best interests, not least our own.
What is most important in the wake of the EU referendum result is that the industry remains more focused than ever. Naturally, there will be uncertainty, however, this should not be an excuse for industry bodies to further drag their heels on data protection. If ever, now is the time to act with confidence and take the lead.
The Information Commissioner’s Office claims we are on track to implement GDPR in 2018 but instead of simply adopting the legislation post-Brexit, the UK should take a more proactive approach and start assessing our legal framework today with a view to creating data laws that are absolutely right for us.
While the economic future of the UK may be somewhat unclear, the course of data protection should most certainly not be. If the UK does not adopt the contents of the new GDPR, both businesses and consumers will suffer the consequences.
However, the UK has been given a unique opportunity to drive things forward and lead from the front, and the industry should grasp this with both hands.
Andrew Bridges is data quality and governance manager at REaD Group