......GDPR asks how The UK’s week has been. “Horrible,” he replies. “This whole Brexit thing is ridiculously complicated”. The UK then asks how things are with GDPR. GDPR says he can’t tell him that until he’s verified he’s got adequate data protection systems.
Politicians are trying to work out the details on the UK’s exit from the EU as the day it comes into effect looms on the horizon. While these final decisions will no doubt affect how businesses operate across the EU and UK, many are also left wondering how it will impact GDPR.
In this blog, we’ll look at how Brexit might impact the UK and GDPR compliance.
Brexit Or No Brexit, GDPR Is Still Applicable
For those of you who have invested in GDPR compliance and are wondering if you wasted your money, fear not — GDPR will still apply once Brexit takes place. GDPR itself isn’t a law, but a European directive, meaning that “it presents a set of rules and once approved by all member states, said states must draft domestic laws in which the rules presented by the directive must be imposed onto the citizens of that country and that country only”.
In the context of the UK, the domestic law that supports GDPR is the Data Protection Act 2018 (DPA 2018). DPA 2018 makes GDPR applicable locally and adds additional clarification around certain issues, such as applying GDPR standards for data processing that doesn't fall within EU law, transposing EU Data Protection Directive 2016/680 into domestic law, ensuring national security laws comply with internationally recognised data protection standards, and that these new laws also provide support from the Information Commissioner's Office (ICO).
How GDPR Will Remain In Effect After Brexit
Even once Britain formally leaves the EU, its implementation of GDPR regulations into local law and GDPR’s existing legislation will ensure that the privacy rights of EU citizens are protected. Brexit will see the status of the UK shift to that of a third country. Under GDPR regulations, EU companies cannot transfer personal data to a third country. This could be problematic for international organisations that exist in the EU, but there is a solution around this. Countries that have adequate levels of data protection will be allowed to transfer personal data. A few examples of countries that meet these requirements are Canada, New Zealand and the USA.
GDPR Compliance Is Only One Partnership Away
If you're looking for a partner to ensure your company meets approval for third countries under GDPR, GCL Direct is a marketing and telemarketing B2B specialist who can assist you. To find out how, please contact us today.