The Impact of Brexit on the EU General Data Protection Regulation

Amy Johnson •

Friday 24th June will be remembered as the day that shook Europe. In a historic move, the United Kingdom (UK) voted to be the first country to leave the European Union (EU) and in the days following this announcement, the nation has seen huge turbulence.

But as the dust settles, many people’s thoughts have moved away from the frenzy of political and economic news, to how Brexit will affect their businesses’ day to day operations. In this blog post, we’ll be exploring what Brexit means for the technology industry and the impact that it may have on British and European data.

What is the General Data Protection Regulation?

Last year, the European Court of Justice ruled Safe Harbor – an agreement that covered the transfer of European citizens’ data to the US – as no longer valid. A few months later, the EU’s General Data Protection Regulation has brought about another set of questions that many are seeking answers to. This generated huge debate across the technology and data center industry.

For those who might be unfamiliar, the EU General Data Protection Regulation (GDPR) is a European Union regulation, which was created to protect and standardize the use of personal data within and outside the EU. This wave of new European law helps unify data protection and ease the flow of personal data across the 28 EU member states. The GDPR rules were agreed in December 2015 in Brussels and are due to be enforced on 25th May, 2018.

How does Brexit affect GDPR?

Put simply, Brexit will not change the UK’s need to comply with GDPR, for now at least. The UK is yet to formally trigger Article 50 (a formal procedure which removes itself from the EU). While Article 50 can take immediate effect, it’s unlikely to be triggered for several months and even once it has been, its impact on the GDPR will likely take at least two years, possibly longer. Therefore, as GDPR is scheduled to come into force in 2018, the UK, in theory, will still be under EU law at this time. Because of the Brexit however, the UK will have a limited voice in shaping any EU regulations moving forward.

Although many things are uncertain at the moment, one thing that we’re confident about is that Britain needs to cooperate with Europe in every sense of trading as it’s in both parties’ interest to keep the data free-flowing. For many companies based in the UK alone, leaving the EU may be seen as an advantage as new regulations set out by the GDPR would not have to be complied with, such as the right to be forgotten, data portability and data breach notice requirements. But problems start to arise when traders outside of the UK, such as European and US companies, look to operate with UK companies and vice versa. The GDPR has offered a unified, blanket solution that all companies around the world could comply to. If the UK will not adhere to the GDPR after the Brexit, it will need to negotiate a separate data privacy agreement with the EU that continues to make it an attractive country to prospects.

Will the UK be affected in 2018?

It’s difficult to tell how the landscape will change over the next few years. But what we do know is that without laws, fines and rules, the moving and sharing of data would lead to countless law suits, uncertainty and explosive consumer upset. Abiding by these rules are in all companies’ best interests and those that don’t abide by them are unlikely to be taken seriously by EU traders. Although the hassle of changing internal policies are often the reasons behind businesses not wanting to implement them, we all need these rules to help unify how we’re using data across Europe – something that is beneficial to everyone. Therefore, in some way or another, the UK will need to abide by these laws (or a very similar set of laws) for the foreseeable future.

It’s likely, however, that the way in which companies in the UK interact with the GDPR is going to get significantly more challenging. Logistically and legally, the UK has several uncertain years ahead. The challenge comes as the EU and the UK negotiate on how GDPR-compliant firms operate together. As the UK is no longer going to be a member of the EU, both parties will be aiming to reach an agreement that reduce costly fees and time consuming logistics that are needed to off-set the UK’s non-EU membership.

The verdict: Keep calm and carry on being compliant

In the run up to the UK EU referendum, there was an abundance of rumors, predictions and sizable promises. Days after the vote to leave the EU and this is still very much so the case.

Companies looking to stay ahead of these changes during uncertain times should remain level-headed throughout the transition. The UK is still a member of the EU until Article 50 has been triggered and therefore nothing has changed in a legal sense. Until it does, companies should carry on as normal and remain compliant with the laws currently set in place.

Related Articles


Language & Location