The General Data Protection Regulation (GDPR) will enter into force on 25 May 2018 and a vote to leave will mean that the UK will no longer be required to implement the new laws into its legal framework
The GDPR will, however, automatically apply to many UK
organisations that offer goods or services to EU residents or
monitor the behaviour of EU residents
A vote to leave will trigger a two-year negotiation period that
will determine the UK's onward relationship with the EU. As
such, data protection law in the UK will be in a state of flux for
a period of time providing uncertainty to UK organisations
Two potential scenarios in the event of a vote to leave are as
UK leaves the EU and remains part of
European Economic Area – the GDPR will still apply. This is
because the four freedoms of Europe (the free movement of goods,
capital, services and people) are incorporated into the European
Economic Area agreement
UK leaves the EU and there is no free
trade agreement – the GDPR will not form part of the legal
framework in the UK unless it is formally adopted by the UK
government. The current Data Protection Act 1998 will remain in
place until such a time that the UK amends its legal framework. In
practice, however, the UK is likely to amend its current laws to a
regime similar to the GDPR. This is because EU data transfers to
the UK would not be possible without either (a) the Commission
designating the UK as a 'safe third country'; or (b) the UK
being subject to stricter requirements such as the United
In any event, the ICO has issued a statement that "the UK
will continue to need clear and effective data protection laws,
whether or not the country remains part of the EU"
Please also visit our
Brexit page for further implications should the UK vote to
leave the EU
For infomation on our upcoming Data as an asset event on Tuesday
12 July, please click
The fourth and final part of our mini-series on the draft ICO guidance on Consent, published on 2 March 2017, focuses on the practical impact the GDPR (General Data Protection Regulation) will have on how your organisation records and manages consent.
In light of the much anticipated ICO draft GDPR (the General Data Protection Regulation) Consent Guidance being published yesterday, 2 March 2017, we will be running a mini-series on the guidelines under consultation and the impact the GDPR will have on the much vexed position of consent and the impact on your business.
The first of our four discussions on the ICO guidelines for Consent will focus on the meaning of consent under the GDPR (General Data Protection Regulation) and how this change enhances the previous law on consent to data processing.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).