“During a meeting with the ICO on 11th July at its offices in Wilmslow, we gauged what its view is on the future of GDPR. While there is clearly some uncertainty in light of Brexit, Data Protection will clearly need, at the very least, to be closely aligned to the higher standards detailed in the regulation.
We also know that the implementation date of 25th May 2018 will arrive before we finally leave the EU on whatever terms. The ICO is urging businesses to move to complying with the GDPR in order that they are well placed to comply with tighter regulation in the future and is lobbying Government to this effect.
As we highlighted in our Brexit opinion (attached), the UK will need to follow a number of EU Directives and Regulations where there are cross-border trading or data implications to ensure the UK meets the EU standards required to carry on doing business with EU Member States.
The GDPR sets the bar at a level where the current Data Protection Act will certainly need to be significantly revised – and in a timescale that mirrors that of the GDPR (i.e by 25 May 2018) – to ensure that EU / UK data flows and the underlying business and commercial implications are unaffected both pre and post Brexit.
Finally on 12th July the European Commission announced the adoption of the EU-US Privacy Shield to replace Safe Harbor as a means of transferring EEA personal data to the USA. Certification applications will be processed from 1 August 2016.
See press release at http://europa.eu/rapid/press-release_IP-16-2461_en.htm?locale=en
See latest Newsletter: JUL16-newsletter-icm
See latest BREXIT Assessment: Brexit view – website
Regulatory Strategies Ltd