GDPR & Cybersecurity Post-Brexit
24 Aug, 2016
With the dust settling on the UK’s decision to leave the EU, Blacks Solicitors’ Phil Gorski takes a closer look at the impact this will have on cybersecurity and intellectual property for businesses.
How Brexit will affect data protection in the UK?
UK businesses have for some time now been thinking carefully about what they will have to do to comply with the EU’s General Data Protection Regulation (GDPR). Brexit has not made their deliberations any easier.
Data protection law in the UK, as with many of our laws, is based on legislation which originates in the EU. The GDPR is a modernisation of the current, slightly rusty, regime, put in place by the Data Protection Act 1998. It introduces new and stricter obligations and a system of increased fines to go with them and is due to come into force, this time without the need for any enacting UK legislation, on 25 May 2018.
The obvious question facing businesses, following the result of the referendum last month, is whether the GDPR will come into force in this country at all. The most likely answer is that it will. As everyone will by now know, the exit clock formally starts ticking once the UK gives notice of its intention to leave the EU under Article 50 of the Lisbon Treaty. As Article 50 provides a minimum two year period for formal exit negotiations to take place, even if notice had been provided immediately, the GDPR would still come into force.
Whether the GDPR remains in the long term, however, depends on what alternative relationship with the EU is eventually put in place. It is the uncertainty here that makes planning for the future difficult.
It is difficult to predict what obligations either would impose on businesses. A system which provides an adequate level of protection could take a number of forms and it is almost impossible to know which parts of the GDPR might be retained.
What does all this mean in practice?
Phil Gorski, a lawyer specialising in IP at Blacks Solicitors says: “Businesses should work on the basis that the GDPR will come into force in May 2018 and that it will stay in force for some time afterwards.
“There are a number of ways that businesses can protect their online data, the most basic of these being: making sure company’s anti-virus software is up to date and that all staff are correctly trained in online security and data protection.”
For more information about what Brexit will mean for data protection in the UK, read Phil’s latest blog post here.
(Source: Blacks Solicitors)