By Elizabeth Sheldon, ISMS Scheme Manager at British Assessment Bureau
After years of negotiations, the UK has left the EU. What does this mean for data protection legislation?
Does GDPR still apply now the UK has left the EU?
Yes. The EU GDPR still protects people in the EU regardless of where the organisation processing their data is based, so if you have customers in the EU, or otherwise process the personal data of people in the EU, you must still comply with it.
The same rules continue to apply to people in the UK, too. That is because the EU GDPR was retained in UK domestic law at the end of the transition period under the European Union (Withdrawal) Act 2018, where it now sits as the ‘UK GDPR’.
The government has stated that ‘the provisions of the EU GDPR were incorporated directly into UK law at the end of the transition period. The UK GDPR sits alongside the DPA 2018 with some technical amendments so that it works in a UK-only context’. It also emphasised that ‘the UK remains committed to high data protection standards’.
Preparing for future data protection
It is impossible to predict how far the UK government may or may not relax data protection legislation. But one way to prepare for any incoming changes is to maintain compliance with the most demanding requirements currently in force: the GDPR.
Complying with the current regulations doesn’t just mean you can continue to process the data of both UK and EU citizens. It also means that you’ll be that much more prepared for any changes the UK government might introduce, even if those changes relax UK requirements.
That is because even a relaxation of the rules will usually require changes to your internal processes. If you have no processes in place, you will have far more work to do than if you already have processes that need only minor alteration.
Focus on your customers
People are becoming increasingly aware of data privacy issues, and there will be an increasing expectation for organisations to exercise strict data protection processes.
Full GDPR compliance is expected, but it is possible to exceed those expectations and attract more customers as a result. Implementing a rigorous information security management system (ISMS) certified to an independent standard such as ISO 27001 will not just put you in a good position to adapt to any changes in legislation. It will also demonstrate to new customers that you will handle their data with the utmost care.