GDPR and Brexit: what will happen?

By the time the 31 March 2019 Brexit deadline comes around, the EU General Data Protection Regulation (GDPR) will have been effective for more than ten months.

What will happen after then has been one of the many mysteries of Brexit, but in August 2017 the UK government proposed data protection laws that would transfer the GDPR into UK law after it leaves the EU.

If the new Data Protection Bill is passed, there will be very few differences in the way organisations are required to handle UK and EU residents’ personal data.

Broader than the GDPR

The proposed bill largely replicates the GDPR, but it has so far added one extension: upon request, social media companies will need to delete people’s posts from before their 18th birthday.

Many people have expressed their support for the new bill, including the head of the Information Commissioner’s Office (ICO), Elizabeth Denham, who said: “We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.”

Todd Ruback, chief privacy officer and vice president of legal affairs at digital governance company Evidon, said: “The proposed UK legislation will obviate Brexit-related fears that the data spigot will be turned off because the UK’s data protection law doesn’t offer the same level of protection as the GDPR. Once the bill becomes law, it will endow the UK resident with new and codified rights, such as the right to access and correct data, and the right to delete it.”

He added: “The legislative process needs to be completed, and there will surely be many modifications that make their way into the final legislation, but it’s great to see the foundation being laid in the UK that will allow digital commerce to continue unabated.”

Become a GDPR expert

There will almost certainly be further changes to the Data Protection Bill, but the fact that it closely resembles the GDPR is good news for those looking to process, store and transmit personal data across the UK and the rest of the EU.

UK organisations will still need a strong knowledge of the GDPR, as the Regulation will be effective in the UK for the time being, but the Data Protection Bill will mean that preparing for the GDPR is not just a short-term solution.

We offer two GDPR training courses to help you improve your knowledge of the Regulation:

Certified EU GDPR Foundation Training Course

Certified EU GDPR Practitioner Training Course

Book these courses together in our combination course and save 15%.