South: Data protection rules will still apply after Brexit, says Trethowans
Don’t let Brexit fool you into thinking new data protection rules won’t apply to you. That’s the message from law firm Trethowans, which is warning businesses not to be blindsided by Brexit.
From May 25 next year the new General Data Protection Regulation (GDPR) comes into effect, replacing the Data Protection Act 1998 which currently regulates the use of an individual’s personal data.
Sarah Wheadon, partner and regulatory law specialist at Trethowans, says that just because the UK is leaving the EU, it doesn’t mean British businesses don’t have to comply.
“It’s highly likely that we’ll still be a member of the EU when the new rules come into force in May next year, which means businesses will need to be compliant by the deadline. Even once we officially leave the union, the new rules will still affect UK businesses offering any type of service to the EU market, regardless of whether their business stores or processes data on EU soil.
“And for those businesses that don’t fall into that category we’d still recommend pressing ahead with GDPR preparations. This is because it’s likely that the UK will be implemented fully into UK law.”
The GDPR will bring significant changes to the ways companies store data, with the biggest focus on organisations demonstrating ‘privacy by design’.
There will also be significant increases in fines that can be imposed under the GDPR for non-compliance. For some breaches, a business could be looking at a fine of up to 4% of its annual worldwide turnover or 200 million euros.
Wheadon says that while the changes and potential fines may seem daunting to businesses, with some research and preparation, compliance is achievable.
“It’s understandable that some businesses, particularly SMEs, are feeling anxious about the new rules,” she says. “However, it’s important to remember if they currently comply with the Data Protection Act 1998 they will have a strong starting point to build from.
“With less than a year to go, businesses should be preparing now, as for many there will be a lot to do. The ICO has published a really helpful 12-step guide for businesses, which is worth a read. It will also produce guidance to help with interpretation of the GDPR.
“With the best will in the world, it’s likely that even as we approach May 2018, there will still be uncertainty on aspects of the GDPR. For those responsible for data protection, it will be a case of staying tuned to the ICO’s official website, attending training sessions, reading articles and seeking external advice, where needed, to ensure they are armed with the best information to take forward compliance within their own organisations.”
Trethowans has offices in Southampton, Salisbury, Poole and Winchester with a base in London.
