After months of public debating, the binary answer to what is likely to be the most momentous decision the UK will make in my lifetime was finally within reach. The ultimate question was answered: the UK was to leave the EU, but what is left in its place? More questions. Forever etched into my memory will be the morning of the 25th of June 2016 when my first thought upon waking up to my nemesis alarm tone was not the usual “where is the snooze button?”, but finding my television remote control.
It was just two months earlier that social media was awash with articles about the final drafting of the General Data Protection Regulation (GDPR), the final two-year countdown on a European data protection project which had begun four years earlier. A directive which in cahoots with our European cousins would unify and modernise our well designed, yet creaky Data Protection Act (DPA). Was this now to be scrapped? Uncertainty reigned supreme as subsequent social media articles admitted “we just don’t know”.
Fast forward to the final quarter of 2016 and we still don’t have any more of a grip on certainty. However, with fire of hysteria dying from a lack of fuel, we can afford to be a little more analytical about the fortunes of the GDPR in the UK. Regardless of political leaning, the GDPR represents a positive change for citizens of the UK, so much so that UK members of the European parliament and council not only voted it through but also had substantial influence over its final version.
Such is the reach of the regulation that hidden away in its 261 pages is mention that any organisation, whether an EU member or not, will have to store and transmit any personal information relating to EU citizens in a GDPR-friendly manner. Meaning whether in or out, with 44% of all UK trade taking place with EU nations, compliance seems less optional and more common sense (FullFact.org, 2016).
Where the DPA stood to protect personal information generally, the GDPR takes into account technological advancements since. Worryingly whilst the UK dithers about when to sound the article 50 claxon, almost encouraging organisations to bury their heads in Brexit sand, the two-year countdown continues to tick toward a regulatory nightmare.
Data Protection Lawyers at Travers Smith predict that the future of the UK’s economic life in Europe will depend upon how far it can replicate the data standards set. (Leaving the EU: the legal implications, Travers Smith, June 2016). Evidently, it seems even legal minds foresee a need to keep on top of our data protection laws sooner rather than later.
The outcome is no more certain but the most likely reality clear. The UK is not expected to negotiate a complete exit before April 2018; in fact most media sources speculate anything up to ten years which means GDPR will be in force in the UK as a part of natural course. Should David Davis achieve a miracle in Brussels before this time, then the UK would be prudent to adopt GDPR anyway. It is arguably the most modern and forward thinking data protection regulation in the world, something the UK should champion in a world seemingly unable to get to grips with data breaches, not abandon.
