Following this summer's vote to leave the European Union,
the wider implications of Britain's decision to break from the
EU continue to be felt as governments, businesses, and private
citizens look to forthcoming negotiations. Unfortunately, it
appears that definitive answers to the questions raised by the vote
may not be forthcoming for some time following Theresa May's
October 2 announcement that she plans to trigger Article 50,
setting in motion negotiations regarding Britain's departure,
by March 2017. One area up for consideration will likely be the
issue of data privacy and whether UK will create its own privacy
rules or follow the lead of the EU in implementing the General Data
Privacy Regulation (GDPR). Generally speaking, this law, slated to
take effect in May of 2018, will limit the amount of and type of
data on EU citizens which may be gathered and shared. Interestingly
however, May's announcement comes just days after the newly
appointed head of the Information Commissioner's Office (ICO),
Elizabeth Denham, stated that Britain should follow the GDPR
regime. During an interview with the BBC, Denham made her
sentiments clear, stating "I don't think Brexit should
mean Brexit when it comes to standards of data protection...In
order for British businesses to share information and provide
services for EU consumers, the law has to be equivalent."
Should the above sentiment hold, it would appear likely that
international employers/businesses with operations in the UK may
fall under the GDPR. From an employer's perspective, this can
be a mixed blessing. While GDPR policies represent a major shift in
how data is kept and shared, along with hefty sanctions for
violations, the pros of having a more unified set of rules to abide
by may help ensure that businesses are not faced with multiple
privacy standards when conducting operations in the EU and,
possibly Britain. It bears mentioning however that the GDPR
authorizes individual Member States to implement more specific
rules with respect to the processing of HR-related personal data.
This includes data collected for the purpose of recruitment,
performance of the employment contract, diversity, health and
safety, etc. These potential member state specific rules not only
apply to employers processing employees' personal data, but
also to HR service providers ("data processors") as well
as non-EU affiliates of multinational corporations if all HR data
is centrally stored and accessible to affiliates worldwide. It will
therefore remain important to continue monitoring national law
developments in the field of workplace privacy.
Despite the above, the GDPR represents the possibility of a far
more streamlined approach than grappling with the disparate privacy
laws of each individual member state. This desire to provide one
standard for businesses appears to be at the heart of Denham's
desire to retain the GDPR. Denham relayed these sentiments later in
the same interview with the BBC: "In a global economy, we need
consistency of law and standards – the GDPR is a strong law,
and once we are out of Europe we will still need to be deemed
adequate or essentially equivalent. For those of you who are not
lawyers out there, this means there would be a legal basis for data
to flow between Europe and the UK. We're talking about proper
protection for consumers, about certainty for business, and about
strong independent oversight of the law."
While it remains to be seen whether the UK will abandon the GDPR
during upcoming negotiations, it appears that Britain is keenly
aware of the need to provide certainty, especially for businesses
just now coming to terms with new privacy rules. It is therefore
likely that the GDPR will be, in large part, implemented in the UK,
most likely providing global employers with the opportunity to
craft general privacy rules for employees throughout Europe.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In SSE Generation Limited v Hochtief Solutions AG and another decided on 21st December 2016, the Court of Session in Scotland considered a contractor's potential design liability under the NEC Form of Contract.
Case law concerning the Agency Worker Regulations remains limited. We recently advised a recruitment business involved in a dispute with a "temp" and a hirer regarding who was liable for an alleged breach of AWR Regulation 5.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).