Banking and finance dispute resolution
For the latest news and comment on banking and finance disputes.
For the latest news and comment on banking and finance disputes.
For all the latest news and comment in clinical negligence healthcare law
This collection looks at the latest news and comment on commercial contracting healthcare law. With the health and social care sector under…
For all the latest news and comment in employment and pensions healthcare law
For all the latest legal and regulatory news and comment in health technology
This collection contains DAC B eachcroft's latest report, The Route to Integrated Healthcare , which provides the first practical examples of how…
This collection looks at the latest strategic, commercial, regulatory and negligence legal and advisory news and comment in health and social care. …
For all the latest news and comment on employment and pensions law.
DAC Beachcroft Dublin specialises in insurance, professional indemnity, defendant personal injury, health, commercial litigation and employment work.…
For all the latest new and comment in tax law.
The GC Collective collection offers insight and comment for General Counsels (GCs) and in-house legal teams.
For the latest news and comment on Corporate, M&A and Equity Capital Markets.
Analysis, commentary and checklists on the legal and governance implications of Brexit on businesses operating in, and trading with, the UK
The Accountant's Liability Collection brings you topical news and insight of interest to accountants, actuaries, trustees and other financial…
Events and online training for the health and social care sector.
DAC Beachcroft's LatAm Quarterly Newsletter discusses topical news and issues in Latin America
In response to client suggestions and requests, DAC Beachcroft's insurance sector flagship publication.
For all the latest legal and regulatory news and comment in health and social care integration
For all the latest news and comment in corporate regulatory healthcare law
Find advice, commentary and thought leadership on all aspects of Director's & Officer's Insurance; from contract formation through to complex…
This collection looks at the latest news, comment and development on the law affecting mental health services. The law affecting mental health…
Our market-leading Information Law team regularly publish articles and updates addressing the ever-evolving Information Law landscape.
This collection looks at our Safety, Health and Environment Team and the products and services they can provide. In the climate of increased…
The Insurance Act 2015 comes into force in August 2016 and will represent a significant change to insurance contract law in this country. This…
Legislative changes are bringing major changes to the Insurance landscape. This collection houses DAC Beachcroft's alerts on the pertinent issues.
For all the latest news and comment in clinical regulatory healthcare law
Organisations face ever-increasing expectations from Government, regulators, customers or service users, and other stakeholders, so scrutiny and…
For all the latest legal and regulatory news and comment in healthcare estates and facilities management
This collection addresses the full spectrum of cyber security and data risk management – the zeitgeist of our age.
We have acted for clients in the majority of significant product liability cases that have been decided in the UK over the last 35 years. Our product…
Considering the future landscapes of our cities
The European General Data Protection Regulation (GDPR) came into force on 25 May 2016. A rewrite of European data protection law, the GDPR imposes…
Considering the future of housing
For the latest news and comment on public procurement law.
Welcome to the Construction Risks collection. This space is used to report upon issues of interest to those who seek to allocate, manage and reduce…
Technology, brands and intellectual capital are key assets for any successful business. Our intellectual property (IP) team are experts at helping…
Considering the future of retail
The Insurance Market Conditions and Trends report is DAC Beachcroft's insurance sector flagship publication. Now in its tenth year, the report…
The Solicitors' Risk Collection addresses issues and developments affecting legal practitioners, and the professional indemnity insurers of legal…
Published On: 30 June 2016
The outcome of the UK's referendum on its membership of the European Union has left many organisations unclear about the future landscape for data protection.
At the launch of its annual report on 28th June, the Information Commissioner's Office advised that its view is that reform of UK data protection law remains necessary. Over the coming weeks, the ICO will be discussing Brexit and its impact on the data protection law with the UK government, making the case for higher standards than those currently imposed by the UK Data Protection Act, to be imposed in the future in any event.
Although Christopher Graham, speaking at his final engagement as the UK's Information Commissioner, was reluctant to opine on the "what ifs" of Brexit, in our view, it would seem unlikely that the UK Government, acting on the advice of the ICO, would start from scratch in drafting a new data protection law. Despite the vote for Brexit, it would seem prudent for organisations to continue to prepare for and implement the European General Data Protection Regulation (GDPR).
The GDPR will come into force on 25th May 2018; before the UK's likely withdrawal from the EU. Importantly, as a European Regulation, the GDPR has direct effect in UK law without the need for separate legislation by the UK Government. Since Brexit seems unlikely to have effect until October 2018 at the earliest, this means that all UK organisations will need to comply with the requirements of the GDPR for around 5 months at the very least.
Following Brexit, whenever that may occur, while the GDPR will cease to have effect under UK law, many organisations in the UK will still find themselves caught by and bound to comply with its requirements. This is because the GDPR applies to any organisation, whether located inside or outside the EU, if that organisation:
This will mean that many UK organisations will need to comply with the GDPR post Brexit if they have any dealings with EU citizens.
Those organisations not caught directly by the extra-territorial effect of the GDPR are likely to find themselves subject to similar, if not identical, national legislation implemented in the UK due to the restrictions placed on international transfers by the GDPR. If Brexit also represents the UK leaving the European Economic Area, transfers of personal data to the UK will amount to a transfer outside the EEA and will therefore only be permissible if the level of data protection in the UK is regarded as being "adequate".
The UK will undoubtedly want to be deemed an "adequate" jurisdiction by the European Commission, meaning that the UK will have to offer a level of data protection comparable to that offered by the GDPR. It is unlikely that the UK is going to want to start drafting a new data protection law, especially during a time when there will be so many other demands on parliamentary time, only to face the uncertainly of placing it before the European Commission for an assessment of its adequacy. More efficiently and, in our view, more likely, is that the UK will simply adopt the GDPR, a text which it had significant input on.
In addition, as noted above, because of the extra-territorial effect of the GDPR, UK organisations which deal with EU citizens post-Brexit would have to comply with the GDPR in any event. It would therefore be distinctly unhelpful it they were required to comply with a materially different, and perhaps even contradictory, UK regime at the same time.
Our expectation is therefore that the GDPR will live on in some form under UK law even following a Brexit. As a stop-gap, that may be by the Westminster parliament legislating to the effect that the GDPR itself will continue to have effect in the UK in the same way as it did immediately before Brexit. In time, a new Data Protection Act could then be drafted and enacted replicating the terms of the GDPR in the more familiar style of conventional UK legislation. In any event, the effect will be the same: the material provisions of the GDPR will survive Brexit.
Our advice remains that the most high risk strategy would be to sit back and wait and see what happens with Brexit and the GDPR. We would urge clients to continue with their compliance programmes, on the assumption that the GDPR will have full force and effect from 25th May 2018. In fact, we have spoken to a number of our clients over the past few days and feedback has been clear; preparations for the GDPR continue full steam ahead!
Article by Rhiannon Webster, Partner and Jade Kowalski, Solicitor