You are here:
  1. Home
  2. News
  3. Blog
  4. Your money or your data: 4 reasons to comply with GDPR

Your money or your data: 4 reasons to comply with GDPR

24 May 2017

In a recent survey of IT decision makers 25 per cent of respondents had cancelled preparations for the GDPR and 44 per cent thought GDPR won’t apply to UK businesses after the UK has left the EU. Anna Drozd explains why law firms need to comply. 

The result of the EU referendum in the UK took many by surprise. The now real prospect of Brexit has raised many questions about its impact on the legal order in the UK, particularly directives and regulations enacted as a result of EU law And what about the General Data Protection Regulation (GDPR) that has just come into force but has not started to apply yet?  

While the immediate thought may be to abandon your preparations for the GDPR, let me change your mind.

Four reasons to comply 

1. UK businesses will continue to provide services or sell goods in EU countries after Brexit

Businesses will have to comply with the GDPR or face fines of up to 4 per cent of global turnover. 

2. ‘regardless of whether the processing takes place in the Union or not’

The GDPR has vastly expanded the jurisdictional reach of the regulation by applying to those operators who offer goods or services to, or monitor, data subjects in the EU ‘regardless of whether the processing takes place in the Union or not’ (Article 3). This means that any organisation or business carrying out the above activities will have to comply with the GDPR.

3. GDPR will start to apply in May 2018

The UK will remain a full member of the EU until the negotiations on withdrawal are completed. As such, it will enjoy all its rights as a member and will have to comply with the legislation in force. Since the GDPR will start to apply in May 2018, we know that the UK will still be a member of the EU and will have to fully comply with the new regime.

4. Future relationship between the EU and UK

It’s still unclear what the future relationship between the EU and UK will look like. If the UK chooses to join the European Free Trade Association, it will continue to participate in the single market and would continue to apply the vast body of the EU law. If it chooses a different solution, the UK will be free to set its own data protection laws. However, in the case of data transfers between the EU and the UK, the UK will be treated as a third country under the GDPR and its data protection legislation would be assessed as to whether it provides adequate protection of personal data. This assessment is likely to be more positive when the UK maintains a high level of protection of personal data in line with the regime in force across the EU. 

An Information Commissioner's Office spokesperson pointed out that:

‘If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK. But if the UK wants to trade with the Single Market on equal terms we would have to prove 'adequacy' - in other words UK data protection standards would have to be equivalent to the EU's General Data Protection Regulation framework starting in 2018.’

For all these reasons, you should maintain your focus on getting ready for the new regime.

The ICO has recently published guidance for preparing to comply with the GDPR in March 2018.

Check our General Data Protection Regulation resources

Tags: knowledge management | Brexit

About the author

Anna Drozd is the Law Society's EU policy adviser on professional practice. Her main objective is to look at how EU legislation impacts the profession of a solicitor.

Follow Anna

Follow our Brussels office

Visit the Brussels office website

  • Share this page:

access to justice | anti-money laundering | apprenticeships | archive | artificial intelligence | Autumn Statement | bid process | brand | Brexit | British Bill of Rights | Budget | business | careers | centenary | charity | city | communication | Conservatives | conveyancing | court closures | court fees | courts | CPD | criminal legal aid | cyber security | David Cameron | development | Diversity Access Scheme | diversity and inclusion | education and training | elderly people | emotional resilience | employment law | equality | European Union | Excellence Awards | finance | George Osborne | human rights | human trafficking | immigration | in-house | International Womens Day | Investigatory Powers Bill | IT | Jeremy Corbyn | justice | knowledge management | Labour | law management | Law Society | leadership | legal aid | legal professional privilege | LGBT | Liberal Democrats | library | Liz Truss | Magna Carta | mass data retention | mediation | members | mention | mentoring | merger | modern slavery | morale | National Pro Bono Week | Parliament | party conferences | personal injury | Pii | politics | president | pro bono | productivity | professional indemnity insurance | represent | retweet | risk | rule of law | security | social media | social mobility | SRA | staff | strategy | stress | talent | tax | tax credits | team | technology | Theresa May | Time capture | training | Twitter | UKIP | value proposition | website | wellbeing | Westminster weekly update | wills