The UK should update existing legislation on protection of personal data in anticipation of the entry into force of EU Regulation 679/2016, effective on 25 May 2018.
It will be necessary therefore to determine whether and what application this new legislation will have to the processing of personal data in the UK upon its departure from the EU. In view of this difficult situation, it is expected that the above Regulation will be applied within the limits of the reforms that the UK adopts during its exit from the European Union, even though it will be necessary to wait before verifying the government’s positions.
In a recent statement, the “Information Commissioner’s Office” (ICO) of Britain has confirmed the applicability in the UK of the Data Protection Act of 1998 and the need for effective remedies to be implemented in the future in order to maintain continuity of personal data policies with that of the European Union (and thus in line with the new rules). In particular, the non-direct application of the Regulation to the UK territory will be subject to specific attention, especially with respect to the “adequacy” that the new (or existing) UK legislation has in relation to European Union law so as to ensure the continuation of business activities and of relations between organisations and consumers. Under this logic, the “new” UK legislation should therefore be guided by European standards and be the result of negotiations with the European Union (similar to what happened in Switzerland or Canada) . A new legal framework in the field of personal data protection will have a fundamental role in technological fields, finance, marketing, etc. with effects, as it is typical of legislation on protection of personal data, on all sectors which operate (even indirectly) in the processing of personal data.
Furthermore, from a practical and legal perspective, the exit of the UK from the European Union (and any related laws on protection of personal data) could result in a substantial change in the flow of personal data between the UK and the EU with a consequent “transfer” of data. This fact and its implications should be carefully assessed in light of the measures approved by the European Commission in order to legitimize (and make secure) its cross- border flow of data.
It is therefore clear that during this transition phase these aspects should be carefully assessed both from an implementation and practical point of view as well as with regard to “continuity” of relations with participating partners in the EU.
You can consult and/or download the full version of the Brexit dossier here.