Data protection after Brexit
The UK is going into GDPR, the Europe-wide refresh of data protection and privacy standards, regardless of Brexit. GDPR becomes legally enforceable on 25 May 2018.
The question is what comes after that.
The Data Protection Bill
In September 2017 the Data Protection Bill, a transitional arrangement between GDPR which will lay the foundations for a post-EU data protection framework, was introduced in Parliament. It is currently being debated.
What will it mean for you
There is a risk that post-Brexit UK’s EU data protection standards could watered down in a way that would threaten our users’ privacy, or would render ongoing data flows with Europe impossible – or both.
It will be important for all UK digital professionals to monitor the progress of the Data Protection Bill throughout the legislative process. This should include speaking up for our industry’s needs through the proper processes, including consultation responses and representation through industry bodies.
- UK Gov press release on GDPR and the Data Protection Bill
- UK Gov GDPR call for views (closed consultation; includes statement of intent and consultation outcomes)
- Department for Exiting the EU white paper on data flow adequacy after Brexit
- House of Lords enquiry into data flows after Brexit
- House of Commons briefing on data protection after Brexit
- Afterbrexit.tech side blog where I monitor EU tech policy through the Brexit process