logo text

Friday, 3 February 2017

It's full steam ahead with GDPR implementation


Less than 24 hours after Parliament voted to let the government trigger Article 50 of the Lisbon Treaty, the formal mechanism for leaving the European Union (EU), the government has published its White Paper on Brexit. The White Paper covers various themes, such as trade, immigration, expats, sovereignty and devolution, but also includes some paragraphs on data protection arrangements.

The General Data Protection Regulation (GDPR), which is due to come into force next year, isn’t explicitly mentioned. However, the White Paper recognises the importance of stable data transfer for many sectors including financial services, technology companies and energy companies, stating, “As we leave the EU, we will seek to maintain the stability of data transfer between EU Member States and the UK.” The White Paper notes that one way of making this happen is that “The European Commission is able to recognise data protection in third countries as being essentially equivalent to those in the EU, meaning that EU companies are able to transfer data to those countries freely.”

All of this indicates that the government is sticking with its commitment to implement the GDPR. It is likely to be effective as UK law before Brexit happens anyway, but the Brexit White Paper suggests that even when this is no longer the case, any subsequent UK legislation about data transfers between the EU and the UK is likely to be “essentially equivalent”.

So, the message is: don’t delay with your GDPR preparations! The GDPR comes into force on 25 May 2018, by which time companies need to be ready, or face penalties. If you need any advice or support on what the GDPR means for your organisation, please don’t hesitate to contact Pritchetts.