How Brexit Will Impact UK GDPR Compliance

On June 23, U.K. citizens approved Article 50, a Brexit from the EU for social and political reasons, but few understood the data protection ramifications that this unprecedented movement placed on British companies.

What U.K. officials initially forecasted to begin in 2017 could, in fact, be delayed until 2019, and with the GDPR going into effect on May 25, 2018, U.K. companies will not be exempt from compliance.

The U.K. will still be an EU member when the law comes into force, which means the country is obligated to fulfill all aspects of GDPR. In the event of a fast-tracked Brexit, the new data protection laws would still apply to UK companies that hold EU citizens’ data.

U.K. organizations should be less concerned with GDPR compliance logistics, and more concerned with being held to the EU’s standards without having guaranteed input for the GDPR’s future direction.

Digital innovation is what will make the U.K. successful in its attempts to become GDPR-compliant.

“We see GDPR as an opportunity to positively change customer relationships, as well as a legal requirement,” said David Evans, Director of Policy at BCS. “What is clear is that a level of improved social interaction is required around data whether we are in the European Union or out of it.”

Some sources believe that GDPR is too limiting, and that Brexit will give the U.K. an opportunity to replace strict EU data protection regulations with progressive rules that enable data-driven innovation.

Regardless of the outcome, British businesses should continue to plan for GDPR. Even if these specific data protection rules aren’t enacted in the newly independent U.K., there’s no doubt that a comparable regulation will appear in its place.