Brexit not an opportunity for UK to duck GDPR rules
New data protection rules to come in by summer 2018
The UK will still have to play ball with Europe when it comes to the incoming General Data Protection Regulation (GDPR) once it leaves the EU, according to experts who have urged lawmakers to keep it a top priority.
Last week, 52 per cent of UK voters opted to leave the EU, bringing about a wave of uncertainty about which European rules the country will have to abide by in future once negotiations are complete.
The GDPR aims to give citizens more control over their personal data and ensure pan-European protections are in place. The new rules are set to come into force fully in summer 2018, after which companies will be fined if they do not comply.
Industry experts have claimed that although the UK plans to leave - regardless of whether negotiations are complete or not in two years when the rules come in - it will still have to abide by the rules.
"The plain fact of the matter is whether we are in - or as we now know - out, businesses operating in the EU, and storing and handling data from within the EU will still need to comply," said Russell Lux, CEO of TelcoSwitch.
"This is as applicable to a US company operating in the EU as it will be a British one. So any business thinking they might have bypassed this will be disappointed. No matter what market a company sells to, or operates within, it must abide by the regulatory framework, and the EU GDPR is no exception."
Customer data breaches and rumours of data snooping have been rife in recent years, causing uncertainty among those using certain cloud services.
With that in mind, Andy Green, technical specialist at data security firm Varonis, said the UK's own laws still have to be up to scratch with the pan-European versions.
"The GDPR applies even to companies or 'data controllers' outside the EU," he said.
"So if UK-based websites collect personal data from, say, a Dutch or French person, the GDPR still applies. And for UK companies with subsidiaries (and therefore data controllers) within the EU, and which try to get out of the GDPR by outsourcing processing to the UK, the GDPR, again, would still apply.
"Why? Under the GDPR, the UK would have to be an 'approved country', with adequate data protection, in order for EU personal data to be transferred out of the zone. In other words, the UK local data laws would have to be up to snuff and at the same level as the GDPR."