The UK’s information commissioner, Elizabeth Denham, has insisted that UK companies should continue to prepare for GDPR, urging “I don’t think Brexit should mean Brexit when it comes to standards of data protection.” She points out how the UK was heavily involved in the drafting of the GDPR and even in the case of a hard Brexit, meaning leaving the EU without any deal, the UK will need to maintain strict data protection regulations and comply with the GDPR.
In other words, Brexit does not mean the end of data protection laws.
The mistake many businesses are making is assuming that Brexit will have an influence on data protection regulations in the UK. Stopping preparations for GDPR would be a mistake. Here are three reasons why organisations should continue and indeed step up their efforts to comply with GDPR:
The UK will not abandon the regulations they were so heavily involved in creating. The UK was heavily involved in drafting GDPR. It therefore only makes sense that the government will want to stick with the details of the regulation. What's more consumers will want to know that their personal data is always safe, and that is more likely to happen if they can easily find out how their data is being shared.
Even in the unlikely instance that Brexit results in the UK adopting data protection laws different to GDPR, many UK companies doing business in Europe or wishing to do so or UK companies that collect data from third parties based in Europe must navigate their way through European legislation to ensure they are compliant with GDPR. Therefore, adopting GDPR is the simplest way to ensure your organisation is always compliant with data protection regulations.
Even without GDPR, Britain’s two-year countdown to exiting the EU was triggered in March 2017. GDPR is set to come into full force in May 2018, meaning that even if Brexit did affect data protection regulations, there would still be a full year of having to be compliant with GDPR until Brexit occurs. Nonetheless, it is still unlikely that even in the long term, exiting the EU will have much, if any, influence on data protection laws in the UK.