Wednesday, September 20, 2017


Brexit vs GDPR: What to expect



On June 23, 2016, the UK voted to leave the European Union after 43 years as a member. With GDPR set to come into force before the official departure, Sheila FitzPatrick talks to João Marques Lima on the implications.

Two years of long, and potential painful, negotiations were kicked off on March 29, 2017, with the British Prime Minister Theresa May invoking Article 50 of the Lisbon Treaty which officially ignites the exit process.

This interview originally feature in the Data Economy magazine. To read more on GDPR and other data centre, cloud and data topics visit here.

However, the UK will have to comply with GDPR regardless if it is in or out of the union, and as FitzPatrick points out, the UK current data act is not at the same level as the EU’s similar regulation.

She said: “Within the current 28 member states, the UK – although the Information Commissioner’s Office is vocal about compliance and data privacy laws – the current UK Data Projection Act is less restrictive than the other member states’ laws and already has deficiencies with the current EU directive.

“What I caution companies about, especially if they operate in the UK and if they have data centres in the UK and they are going to be storing personal data of EU citizens, is that it does not matter what the UK does whether or not the UK government decides to implement regulation a lot equal to GDPR or whether they adopt GDPR as their foundation.

“Companies have to step up and comply, they cannot sit back and say lets wait and see what company A does, let’s wait and see what happens with Brexit. No.”

Just as previously explained, if a company is to have access to personal data of an EU citizen they are going to have to comply with GDPR, and “if history repeats itself, I do not know if the UK is going to necessarily be in compliance with GDPR and certainly not at the time when May 25, 2018, comes around”.

FitzPatrick added: “There will be a period of time when Brexit will go through and GDPR is in effect and the UK government has not implemented something, and companies have not addressed the issue.

“There is going to be a period of time when holding EU data in the UK could be deemed illegal or inadequate.”

Watch: techUK on Brexit consequences: The ultimate answers on the British referendum and its meaning to the IT industry

This article originally appeared in the Data Economy magazine. To read more on data centres, cloud and data, visit here