In the face of increasing uncertainty around Brexit, the Government has recently published regulations dealing with the continuation of data protection laws when (and if) the exit date finally arrives.
Broadly, the regulations seek to ensure that the existing UK legal framework for data protection functions correctly and seamlessly after the exit day. The regulations have been approved by Parliament but will only come into effect on the exit date.
For most part, the regulations enshrine the existing EU principles which are set out in the GDPR. However, there are a few areas which will be subject to change:
- With regards to transfers of data from the UK to other countries, the Secretary of State will inherit the power to determine which countries are “adequate” for the purpose of making a transfer without requiring additional requirements under GDPR.
- The higher and more onerous threshold of “consent” required by GDPR will also apply to direct marketing activities, including when businesses seek to rely on consent to send electronic marketing materials to individuals. Note that this amendment takes effect immediately and is not contingent on Brexit.
The regulations will be welcome news to businesses which have already implemented GDPR compliance strategies, as they should ensure that there is little disruption to the continuity of the existing dates protection laws.
If your business has not yet implemented a GDPR compliance program, or if there are any areas of your business which may fall foul of the existing DP laws, then this is a good time to ensure that your business is compliant.
For more details on Data, Brexit and the continuation of data protection laws please refer to our No Deal - No data article.
If you wish to discuss GDPR compliance with us, please contact us on 0161 941 4000 and asking to speak to a member of our GDPR team.