EU GDPR & BREXIT – What happens now?

As the European Union and United Kingdom continue with Brexit negotiations, both parties are also preparing for the implementation of the new General Data Protection Regulation (EU GDPR), which becomes legislation on May 25th, 2018. While the UK will be exempt from other European legislation by March 2019, the EU GDPR will apply to every organisation, large or small, that manages the data of EU citizens. To further complicate matters, the UK government has this month also introduced its own Data Protection Bill, which for the most part mirrors the EU GDPR. This bill is still in its infancy and is far from being passed into legislation, but in the meantime UK organisations must not ignore GDPR and must begin preparations for complying with the EU law.

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). Put simply, the legislation states that the personal data of all citizens of the European Union is protected by EU GDPR even if that data is processed by an organisation from a non-member state. By failing to adhere to this ruling, such organisations put themselves at risk of heavy fines – a maximum of €20 million or 4% of annual turnover.

Not Prepared

Results from a recent survey by Crown Record Management indicate that 24% of UK-based organisations have cancelled preparations for the regulation, while 4% have yet to begin preparations. This contrasts with a report from the International Association of Privacy Professionals, which states that 94% of companies with privacy professionals are preparing for compliance with GDPR, and over 58% are investing in privacy training for their staff. The report also states that UK privacy professionals are 9% more likely to build a relationship with a consultancy as opposed to a law firm.

Results in the report from both a UK-based survey and a Global Governance Survey from the end of 2016 outline some of the highest ranked challenges listed by privacy professionals in relation to GDPR compliance. The “right to be forgotten” is named as the number one difficulty for both groups of respondents, while data portability, understanding research allowances and gathering explicit consent are the next three biggest challenges for UK professionals.

3rd Party Country

Britain’s eventual departure from the EU will make it a “third party country”. The UK will require a mutual legal assistance treaty with the EU, as exists between the Union and the USA, to process, transfer or disclose personal data of EU citizens. However, the UK parliament appears to be taking a different approach. In spring 2016, the UK minister responsible for data protection, Baroness Neville-Rolfe, announced that the UK Government has chosen to opt out of this portion of the GDPR “because of concerns relating to the integrity of the UK legal system”. This may cause further tensions in Britain’s relationship with the EU and cause confusion for UK organisations.

The Future

Even though Britain is slowly edging towards the European exit door in March 2019, GDPR will be active in all EU member states ten months before that, which means UK companies must not ignore these regulations, especially as the UK government is now announcing its own version of the Data Protection Bill. This bill is, for the most part, a copy of GDPR. It will go before the House of Commons next month and, according to reports, is being fast-tracked. Even if the Data Protection Bill were not on the way, GDPR would still affect any UK company that manages the data of EU citizens. The location of your operations is not a factor; what matters is where the user’s data comes from.

The GDPR provision relating to companies from non-member states or “third countries”, which says they must abide by the regulation when processing personal data of EU citizens, will apply to every UK company. Brexit or not, British-based companies must prepare for GDPR to avoid those hefty fines.

The key point for businesses to understand is that demonstrating compliance will be essential. The future of data protection is about providing transparency and security for users’ data. If found in breach of these regulations, the financial impact can be significant, not to mention the long-term damage this can cause your brand.

Contact Certification Europe today and learn how ISO certification can help your organisation comply to EU GDPR.


Emma Orford