Skip to main content

No Brexcuses: GDPR preparations must continue

Whether or not you voted for Brexit, whether or not you believe it’s a done deal, there’s one thing post-referendum that surely isn’t up for debate. For British companies wanting to trade with Europe, the bureaucracy of Brussels isn’t going away. And that particularly applies to data protection. Some business people may well have heaved a sigh of relief on June 24th at the thought that GDPR (General Data Protection Regulation) the tough new European data protection regulation that was adopted in April 2016 and comes into force in May 2018 would no longer apply in the UK. That idea was based on the premise that the important thing is where the data is stored.

Unfortunately, that’s not true under GDPR. What matters is whether the data concerns EU citizens, irrespective of where it is stored. Current UK data protection legislation comes from the Data Protection Act 1998, based on the 1995 Data Protection Directive. That will be superseded in Europe by GDPR less than two years from now. In other words, even if Article 50 were notified right now, GDPR would come into force before the Article 50 two-year post notification period runs out. Because GDPR is a Regulation and not a Directive, it does not require enabling national legislation to become law. That means it will apply in the United Kingdom, whether we like it or not. Even once Brexit is fully negotiated and implemented the chances are that the UK will either have to comply with GDPR or implement data protection legislation of its own that the EU deems adequate (i.e. the same or very similar) if it wishes to keep trading with the European Union. This is likely to be equally applicable to the Network and Information Security Directive which has until May 2018 to be implemented in national law.

So, if UK businesses have any ambition to continue selling to European customers, viewing Brexit as an opportunity to side-step data protection obligations is a serious mistake. Despite the GDPR’s short term disruption, the regulation is likely to have a positive impact on data security industry. It will accelerate the modernisation of Europe’s data security practices and enforce consistency of approach between EU member states. Nonetheless, it will require European business of all sizes to take a very close look at their security, including those in the UK. From both commercial and practical perspectives, preparations must continue. Regardless of what you make of either Brexit or the GDPR, businesses in the UK have no choice but to keep pace with the regulation.

Share Post

Contact Us

Swivel Secure USA

+1 949 480 3626 (Pacific Time)

Toll Free: 866.963.AUTH (2884)

Swivel Secure UK & Ireland
  • Equinox 1
    Audby Lane
    Wetherby, Leeds
    LS22 7RD
  • HQ: +44 (0)1134 860 123
  • Support: +44 (0)1134 860 111
  • Pinewood
    Chineham Business Park
    Chineham, Basingstoke
    RG24 8AL
  • +44 (0)113 360 4693
Swivel Secure EMEA
  • Via Torino, 2
    20123 Milano
  • +39 02 947 54 990
  • Av. Juan Carlos I, nº13 – 12º planta (Torre Garena)
    Alcalá de Henares
    28806 Madrid
  • +34 911 571 103
  • Sheikh Zayed Road
    Nassima Tower
  • +971 44 55 7900
Swivel Secure APAC
  • El Dorado Lexington
    Tower 100
    Panamá City
  • +507 694 96 250