You may be thinking that now that the vote has been cast and it has been decided that the UK will leave the EU that you no longer have to worry about the impact of the General Data Protection Regulations (GDPR ‘s). However it would be wrong to think this.
It is likely to be some time until the UK officially leaves the EU and during that time EU laws will continue to apply, meaning that unless this has happened before 25 May 2018 (which appears to be unlikely) you will need to be ready to comply with the requirements of the GDPRs.
However, even after the UK leaves the EU, because the GDPRs apply to non-EU companies that target individuals within the EU (including where data processing relates to goods or services offered to EU residents or where their behaviour is monitored) UK companies will be subject to the GDPRs in respect of that data.
Until the GDPRs are in force you will need to continue to comply with the Data Protection Act. However the ICO has indicated that it “will be speaking to government to present [its] view that reform of the UK law remains necessary”. So, it appears likely that the Data Protection Act will be amended, possibly to reflect standards similar to GDPRs.
So in a land of uncertainty the only thing that is certain is that it is wise to start reviewing your business’ data protection processes and procedures and ensure that your data handling and security practices are up together.
Keep your eyes peeled for further updates about what the GDPRs means for you and your business.
We’ll keep you posted.