The future of privacy rules after UK´s referendum to leave the EU
On the 23rd June, UK celebrated a referendum to vote about UK´s EU membership. About 52% of the participants, voted for leaving the EU. The process of withdrawal from the EU will have to be done according to Art. 50 of the Treaty on the European Union and will take about two years until the process is completed.
The withdrawal of the UK´s membership will also have an impact on data protection rules. First of all, the GDPR will enter into force on the 25th May 2018, so that by this time, the UK will still be in process to leave the EU. This means that UK businesses will have to prepare and be compliant with the GDPR.
Additionally, if UK businesses trade in the EU, a similar framework to that of the GDPR will be required in order to carry out data transfers within the EU member states. The British DPA, ICO, published a statement regarding the existing data protection framework in the UK. According to ICO, “if the UK wants to trade with the Single Market on equal terms we would have to prove adequacy – in other words UK data protection standards would have to be equivalent to the EU´s General Data Protection Regulation framework starting in 2018”.
Currently, the GDPR is the reference in terms of data protection and organizations will have to prepare to be compliant and, even if the GDPR is not applicable to UK, a similar framework should be in place by the time the GDPR enters into force.