How Does Brexit Affect General Data Protection Regulation
- 11 Mar 2020
As a starting point, let’s take a look at the current law, which remains in force until the end of the transition period on 31st December 2020, by which point the UK will need to have completed negotiations on its future relationship with the EU.
In order to be GDPR compliant, companies currently have to adhere to the following:
Obtaining Your Consent
Companies are required to gain your consent before gathering any of your personal data. The terms of this consent must be clear, and you must have given your consent freely and have the option to withdraw your consent at any time.
Breach Notification
Should a company that has collected your data experience a security breach of any kind, they have 72 hours to report this breach to you, their customer. Failure to report this breach will lead to fines for the company. Should you be subjected to a breach in data security, you can seek data protection breach compensation.
Complete Data Access
You are within your rights to request your existing data profile at any time, and the company in question is required to supply you with a fully detailed and free electronic copy of the data it has collected about you. This report is also required to detail the various ways that your data is being used by the company in question.
Right to Data Deletion
Once the company in question has used your data to fulfil the original purpose (for example, to complete a transaction for goods or services received), you have the right to request that all your data be deleted.
Data Portability
You have the right to request your data and reuse it in different environments outside of the company that originally collected it.
Privacy by Design
Companies are required to design their systems with adequate security in place, in order to protect your data, before collecting data from you. Failure to comply with this can lead to fines for the company.
Potential Data Protection Officers
Larger companies are required to appoint a data protection officer who is responsible for ensuring complete compliance and safety of the data collected by that company.
Brexit and GDPR
At the end of the transition period, during which the UK is still negotiating its relationship with the EU, EU GDPR will no longer apply directly to the UK.
However, because the DPA 2018 enacts the EU GDPR requirements in UK law, UK organisations must still comply with its requirements following the end of the transition period. The UK Government has already issued a statutory instrument which replaces the current DPA 2018 and unites it with the EU GDPR. This new regime will be known as the UK GDPR.