For many, the outcome of Britain’s EU referendum means we now have to contemplate the unthinkable. Britain is going to withdraw from the tangled, bureaucratic web of the EU and go it alone. Already many businesses and institutions are trying to figure out what this seismic change will mean for them, and of course, the information security and data transfer world is no different.
What this means for Data Protection
While the British Prime Minister and the Governor of the Bank of England were doing their best to reassure the spooked financial markets, so to was the Information Commissioners Office (ICO) making a statement to clarify what Brexit was likely to mean for data protection standards in the country.
“The Data Protection Act remains the law of the land irrespective of the referendum result,” a spokesperson for the ICO said. “If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK.”
Until such time as the UK formally begins withdrawal from the EU, it remains under EU law. The Prime Minister has indicated that this process is unlikely to happen until at least the autumn of this year when a new Prime Minister will be in place, so in the immediate term, there will be no change whatsoever.
But what changes are likely further ahead? Well the ICO spelt out the future very clearly in their statement. “If the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words, UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.”
The UK will soon be in a position to negotiate its own trade deals again, and of course, the EU will be one of the most important deals to be struck. When exporting goods and services to another country or region, those goods or services always have to abide by local laws and customs.
The same is true for data, and so if the UK is planning to maintain the current trading arrangements with the EU, its data protection standards would also have to at least keep pace with the EU rules. They could, of course, become stronger, and there is certainly no indication from any political side of a desire to weaken these.
UK data protection some of the best
The ICO has spoken confidently about this in the past too. At the recent Data Security in the Cloud Conference 2016, held in London, Garreth Cameron, the ICO’s group manager for business and industry, said, “The UK has a very long history of data protection laws,” he said. “So whatever happens, I think we will have strong data protection laws…”
There are few people better placed to make this judgement, and whilst there is clearly public demand, and now a public mandate, for less and lighter regulation which has so burdened business and industry for so long, no-one has suggested a rollback of regulations which are clearly in the best interests of everybody.
BREXIT will inevitably lead to a period of uncertainty and everyone in the IT sector and elsewhere will be watching keenly to see how the separation plays out. But there is no indication that there is any reason for the sector to panic or be concerned, and indeed it is likely that the new Prime Minister will be falling over himself to win the support and trust of all businesses for Britain’s new way forward.