A lot has been said and written on GDPR. At a time when we are just beginning to grasp the fact that ICT cannot be without GDPR, mainly due to the ‘consent’ email bombardment, along comes Brexit and the uncertainty it brings for GDPR, which is an EU regulation. People and businesses are asking, “What will GDPR be like post Brexit?” Fortunately, a lot of articles have been written and discussions are going on from different perspectives. GDPR post Brexit won’t be a scenario of “how to manage your expectations during the first few days, weeks, months of dating”; rather, it is a matter of looking forward, gathering information and knowing the suggested options, especially for companies dealing in B2C or even B2B, in case data management dealings don’t go according to plan.
Before going further, here is a brief recap on GDPR for those who need it. In the beginning, the European Union adopted the GDPR (2016) as an EU law on data protection to provide privacy for all individuals in the EU and the EEA. The regulation, which became enforceable at the beginning of May 2018, has two main priorities: to give individuals control over their personal data, and to simplify the regulatory environment for international businesses by unifying the regulation within the EU. GDPR also addresses the export of personal data outside the EU and EEA. With Brexit in sight, this is where the GDPR post Brexit questions arise: with the UK about to become a third country, will Britain abide by GDPR? What guarantees are there in terms of data privacy, whether in terms of B2C or B2B? Individually, people and businesses alike are researching the topic and informing those who are anxious.
Looking for Answers
Questions and answers have been suggested, and with the amount of publications on the topic, we are becoming bombarded again. My opinion is that to answer GDPR questions from whatever perspective, we must go to the heart of GDPR: the principles (the core conditions that govern the regulation, GDPR (2016/679)), especially the 7th, “Accountability”.
The ICO wrote about the GDPR principles, which are:
- Lawfulness, fairness and transparency,
- Purpose limitation,
- Data minimisation,
- Storage limitation,
- Integrity and confidentiality (security),
Monique Magalhaes of Techgenix wrote in January 2018, highlighting that “organisations need to follow these principles when collecting, processing and managing European citizens’ personal information regardless of whether the business is in EU or elsewhere in the world.” I believe this explanation applies to Britain once it becomes a third country.
According to another website, tripwire.com, there might be a common misapprehension, perhaps wishful thinking on the part of some British businesses who don’t want the hassle of achieving GDPR compliance, that UK businesses might not need to comply with GDPR post Brexit because it is an EU regulation. The fact is that the UK has currently adopted all the rules of the GDPR into the Data Protection Act 2018, which means that UK businesses will have to continue complying with the GDPR after Brexit, and those that deal with EU citizens have to comply with GDPR directly.
It is important for UK businesses to remember that compliance with the key principles is a paramount building block for good data protection practice for those involved. Failure to comply with the principles may lead to substantial fines. Article 83(5)(a) states that infringements of the basic principles for processing personal data are subject to the highest tier of administrative fines. This means a fine of up to €20 million, or 4% of your total worldwide annual turnover, whichever is higher.
Brian Honan of independent.ie writes: GDPR and Brexit will potentially bring many challenges to organisations over the coming years, but proper planning and keeping abreast of how talks regarding data protection post-Brexit will help keep on top of those challenges. This suggests that businesses and others concerned need to keep their eyes open, for the future is unclear.
For more information, visit the pages referred to: