What does The Data Protection Act and post-Brexit GDPR compliance

Friday, Apr 24th 2020
person handling paperwork in an office

The EU General Data Protection Regulation (GDPR) came into full enforcement on 25th May 2018. It’s a region-wide law and any organisation that handles data on EU citizens is expected to comply

Compliance is monitored by the data regulator in each member state, which in the UK is the Information Commissioner’s Office (ICO).  Prior to the deadline, there were numerous articles debating whether the ICO would instantly throw the book at non-compliant companies in a show of power, but it has moved to alleviate such concerns by stating that it sees compliance as an ongoing process.

In other words, as long as you can show that you’re working towards compliance through the adoption of the relevant tools and processes, the ICO will look favourably on you, in the short- to medium-term at least.

Does Brexit make GDPR redundant in the UK?

A question that has been asked frequently is whether Brexit will have an impact. When the UK leaves the European Union, it should theoretically be free from the laws set by Brussels. However, on 23rd May, two days before GDPR’s enforcement, a new UK ruling known as ‘The Data Protection Act 2018’ received royal assent and became UK law.

The Data Protection Act 2018 is effectively GDPR. To ensure that British organisations can continue to trade and share data with EU counterparts after the separation, the Government made moves to absorb GDPR’s requirements into UK law. The existing ‘Data Protection Act 1998’ was repealed and replaced.

With both the EU and British Government championing the new laws, it further emphasises just how vital a regulation refresh was. Data is produced, collected and shared at an incredible rate and the regulations that existed were no longer sufficient.

GDPR and the Data Protection Act 2018 encourage greater transparency, trust and best practice around data handling, which is not only good news for citizens, but it also provides the perfect opportunity for organisations to build strong lasting relationships.

For a lowdown on GDPR’s requirements and how we can help you to comply, have a read of our guide.