The UK has seen a number of high profile data breaches in the last year since GDPR became law across the European Union. With the UK leaving the EU on October 31st, questions remain how data being transferred from one country to another will be treated.
After 3 years of talks with the European Union, it was agreed that the UK would continue to enshrine the GDPR principles into UK law, with the ICO providing guidance and enforcement in areas of data protection.
However, following the UK’s departure from the EU, it is currently not clear how EU member states or the European Union will treat Britain and whether it will be seen as a ‘third country’ in their view. This poses challenges and opportunities for the UK on areas including personal information and data rights. With UK law taking supremacy over decisions related to data security and compliance, there could be some uncertainty ahead over the direction of GDPR, and whether Britain will be a strong advocate of data protection moving forward.
Countries outside the European Union are treated differently, but can apply for what is known as ‘adequacy status’ that can facilitate data transfers in alignment with EU regulations when information passes through an EU member state. Currently, it is not clear whether the UK will be automatically considered for this status, or if it will have to apply for it.
The UK has one of the most advanced digital economies in the world with an important financial sector and it will be vital for businesses to know how to process and handle data between the UK and the rest of the world.