Brexit and the GDPR - Do Updates in EU Data Protection Legislation Still Apply to UK Businesses?

Written by Niamh Elisabeth McShane | 3 min read
Published on: February 24th 2017 - Last modified: May 28th, 2021
Brexit and the reshaping of GDPR

Last year it was announced that updates to the General Data Protection Regulation (GDPR), a piece of legislation about the processing of the personal data of EU residents, would come into effect for EU businesses by May 2018. Although, you could be forgiven for overlooking this new legislation in light of the more unsettling events that occurred just a few months later; on June 23, 2016 the UK electorate made the historic and seismic decision to leave the European Union. So what will Brexit and the GDPR updates mean for your business?


The consequences of this referendum will likely take years to fully materialize and it is this lack of clarity that is encouraging many businesses and organizations to rethink their internal structures and examine their readiness for change. One thing is certain: being agile and adaptable has never been so crucial as it is now.


As businesses wait for the government to sort out what Brexit will mean in practice, questions about what laws will apply to whom remain unanswered.


One of those questions is: Will updates in EU data protection legislation still apply to UK businesses?

The short answer is yes. Brexit brings with it the reassessment of laws that govern business and trade between the United Kingdom and Europe, and immediately calls into question the subject of this blog series beginning with "Compliance Today."  Financial regulations, data protection, and security; these are the fundamental elements behind any given compliance system. From Spring 2017 onwards it will be these elements that are liable to change the way British businesses operate within the European Union.


Until more is known about what Brexit will mean in practice, businesses can future-proof their internal process infrastructure by creating a strong compliance culture in their organization and taking the necessary steps to implementing a compliance system.


Currently, there are only two facts we can be sure of. The first is that the British government will trigger Article 50 at some point in 2017, allowing for the process of exiting the European Union to begin. The second is that organizations operating within the European Union will need to fully comply with the new updates to the GDPR by May 25, 2018.


What will change in terms of compliance?

The updated regulations give more robust rights to the individual whose data is being processed, including more control over their own data. For businesses, this means that if you deal with sensitive or personal data in your organization, you will likely have to add several new steps to your data capturing processes as well as update certain packages and products in order to stay compliant. These updates can be broken down into six main points:


  • the data subject must give clear consent to the processing of personal data
  • the subject must have easy access to his or her personal data
  • the subject has the right to request that all data belonging to them be erased
  • the subject has the right to object to the use of their data for the purposes of ‘profiling’
  • the subject has the right to easy data portability from one service provider to another
  • those processing data are obligated to provide transparent and easily accessible information to data subjects on the processing of their data


If your business lacks the ability to provide one or more of these services to users, your processes will need to change in order to stay in compliance.


What won't change?

What won’t change, however, is the fact that regardless of what agreement Britain has in May 2018 with its European neighbors, if it chooses to operate within the European Union, it must uphold these new legislative requirements if processing the personally identifiable information of EU residents. Furthermore, data breaches will result in higher penalties than previously mandated—up to 4% of annual global turnover or €20 million, whichever is greater—so the benefit of establishing a strong compliance framework and nurturing a culture of compliance amongst your employees cannot be underestimated.


Time to implement a solid compliance framework?

The good news is that you have over a year to get your organization up to speed; more than enough time to implement a solid compliance framework and ensure that the compliance culture is actively embraced by all employees. Having well-documented and transparent processes not only makes good business sense, but for many organizations it will soon become a legal requirement. If you have any questions about how to implement a compliance culture and a framework that supports updating processes based on these new regulations within your organization or about how to get your team thinking in a process-oriented way, feel free contact us today. You can also get a more detailed insight into modern compliance programs in our complimentary whitepaper “The Blueprint for Modern Compliance.”


Published on: February 24th 2017 - Last modified: May 28th, 2021