Call us on 03450 21 21 51

What happens with GDPR after Brexit?
The SRM Blog

What happens with GDPR after Brexit?

Ian Armstrong

Written by Ian Armstrong

22nd June 2020

Share this article

A lot has happened in the past few months, but the implications of Brexit remain a key concern for businesses – especially those processing data across borders.

You’d be forgiven for thinking the UK has finally moved on from the uncertainty of Brexit. After all, the spread of COVID-19 has created a new wave of uncertainty, dominating headlines for the last 3–4 months.

However, despite government assurances to “get Brexit done”, the implications of what Brexit means for businesses going forward may still seem unclear. In particular, many businesses are concerned about what it might mean for data protection. After all, no matter which side of the political divide one stands on, we can all agree that guidance on the future of our many regulations and international agreements is needed.

The introduction of new GDPR guidelines in 2018 created stricter regulations regarding data protection and storage for EU businesses. But now that the UK is officially planning to leave the EU, does this still apply to British brands?

Changes to data protection in post-Brexit Britain

The short answer here is: the UK will still need to comply with GDPR, at least for the time being. The General Data Protection Regulation applies to all businesses based in the EU and those with EU citizens as customers. But it also has an extraterritorial effect, so non-EU countries are also affected.

This means that, even though the UK is set to leave the EU, organisations should still adhere to the principles of GDPR. This is true while we are still technically part of the EU, but will also continue to be the case in the period immediately following our divorce from the EU.

International companies with any EU citizens as customers need to be aware of the obligations and comply with the rules in order to avoid fines. With so many UK businesses still working alongside EU clients, GDPR’s influence isn’t just going to disappear.

The transition period

Our departure from the EU also isn’t something that’s going to happen overnight. Despite no longer being part of the EU, there will be a transition period in order to allow the details of the Withdrawal Agreement to be clarified.

This transition period was originally set to last until the end of the year and, despite the huge disruptions caused by the coronavirus pandemic, there appears to be a continued commitment from the government to complete the transition swiftly. However long it takes, this transition period is designed to help us negotiate a new agreement with the EU.

During this transition period, GDPR will continue to apply in the UK and businesses won’t be required to take any immediate action.

What happens when this transition period is over?

What happens after this transition period depends largely on the agreements made while the transition period is taking place. However, it is important to note that a ‘UK GDPR’ has already been put in place to ensure that data protection standards are maintained through the transition period. The Data Protection Act 2018 will also be revised to ensure that sufficient regulation remains in place – both during and beyond the transition period.

So what can businesses do right now?

The best course of action for UK businesses across all industries is to ensure that your customer, employee and corporate data is as well protected as possible. Whatever guidelines come out of this period, no doubt they will require businesses to adhere to strict data protection laws.

For those companies working to existing frameworks such as ISO27001 or PCI DSS, they will already find themselves closely aligned with GDPR. SRM Consultant, Claire Greathead, explains:

“Conscientious businesses committed to maintaining high standards of data security and following best practice will have little need to worry about GDPR. Even for those organisations who don’t carry ISO certification, following these guidelines can go a long way towards meeting data protection requirements across industries and indeed across international borders.”

Seeking support from experienced GDPR consultants can help you take the necessary steps right now to plan ahead, and feel more in control of your business’s data protection for the long term.

If you’re looking for security support for your business during these uncertain times, SRM are here to help. Get in touch with a member of our expert team today by clicking here.

Back to top