Brexit & EU GDPR – Data Protection Hits Headlines Again

Shane Lewis – Information Security Manager

I’m sure some of you are starting to tire of hearing the word ‘Brexit’. But I’m here to bring it up again! The reality of the situation is that the debates about the far reaching consequences, especially for the tech industry, are unlikely to be resolved any time soon.

The biggest bugbear that has the IT community talking is what will happen regarding the EU General Data Protection Regulation (EU GDPR). The UK now finds itself in an interesting position. First off, we need to look at the bigger picture. To be part of a global economy, the UK needs access to data. And if we want to access data from the EU, we need to adhere to the GDPR and be able to demonstrate adequacy. It’s that simple.

The EU GDPR was more than four years in the making, and regardless of the criticism it received along the way, the crux of the matter is that it is not just pointless red tape. More and more countries are adopting new laws and strengthening data transfer agreements. The UK must do the same in order to operate in the global market. The question is whether or not we can do this independent of the EU.

Ultimately, the best option for the tech industry is for the UK to receive ‘equivalence’ and be acknowledged as being able to provide adequate protection for EU citizens’ data. The easy way for this to happen is to be part of the European Economic Area (EEA), also known as the single market. But this scenario is unlikely considering that the EU will do everything in its power to discourage other member states from following in the UK’s footsteps. The harder path would be for the government to have to amend the current 1998 data protection act to adhere to the new laws with the GDPR. This would be a long and complex process.

While a lot of the discussion has been doom and gloom, there are some positives to be gleaned from the situation. For example, by leaving the EU, the UK does have the opportunity to avoid sections of the GDPR that are either unbeneficial or simply unclear. There may also be the possibility that having a separate set of regulations will result in some business or economic benefits. The outcome remains to be seen. But it is interesting to speculate.

It’s certainly a tumultuous time for the UK tech sector, and indeed all British industries. The two years following the triggering of Article 50 of the Lisbon Treaty will no doubt be even more interesting. But until then, it’s up to us as one of the UK’s most resilient industries to hold steady and do everything in our power to remain a global leader in technology and innovation.

Brexit & EU GDPR – Data Protection Hits Headlines Again
Semafone