As the UK prepares to push ahead with leaving the European Union in 2017, businesses are being told to think twice before cancelling or delaying preparations for the forthcoming EU General Data Protection Regulation (GDPR). Here, John Culkin of Crown Records Management explains why the new EU law will still be of great importance here in the UK.
9 January 2017 | John Culkin
Business managers across the country have been studying the implications of a new Regulation, due come into force in May 2018, which aims to create a 'one-stop shop' for data protection across the European Union.
Key aspects include huge fines for data breaches, new rules around the collection of personal data and new rights for European citizens to ask for data to be deleted or edited. Many businesses will also be required to appoint a Data Protection Officer.
However, Brexit opens up the likelihood that the UK will have started the process of leaving the EU by the time it comes into force.
What does this mean for those currently preparing for the new regulation?
It is tempting for businesses to think that because the UK intends to leave the EU that this regulation will not apply. But although an independent Britain will not be part of the Regulation, in reality it will still be impossible to avoid its implications.
The Regulation governs the personal data of all European citizens, providing them with greater control and more rights over information held about them. So any company holding identifiable information of an EU citizen, no matter where it is based, needs to be aware. With millions of EU citizens living in the UK, too, it's hard to imagine that many businesses here will be unaffected.
The same applies to data breaches involving the personal data of European citizens. So it will still be vital to have a watertight information management system in place which allows businesses to know what information they have, where it is, how it can be edited and who is responsible for it.
What are the benefits of the EU GDPR? Is there anything we may miss out on by leaving the EU?
This is a regulation designed to make things easier for businesses which work with the personal data of EU citizens. A one-stop shop for data protection, for instance, is long overdue. Trying to regulate a rapidly-evolving digital world with legislation dating from 20 years ago does not make sense. Any regulation which encourages businesses to have strong and robust information management systems in place should be a good thing.
How could UK data regulation differ in future from those in Europe?
It's hard to see data regulation in the UK varying much from the essence of the EU GDPR which, after all, we have been heavily involved in drafting over the last few years. Having clear laws with safeguards in place is more important than ever in the modern world with a growing digital economy that relies on the safe sharing of data. If anything we may expect regulations to become even tighter in the UK in future - providing an opportunity to bill the UK as the safest place in the world for data.