08 July 2016 - Post by:Charlotte Mullarkey
We are at a very interesting time for data protection legislation in the EU with the recent adoption of the new GDPR. Many are asking whether the GDPR will in fact apply in the UK following the referendum result on 23 June.
In the short term, data protection legislation in the UK remains the same – EU law continues to apply in the UK until the UK formally exits.
In the long term, things are less certain. There will be particular concern among businesses to ensure they can continue to transfer personal data freely around the EU, without the burden of alternative transfer mechanisms such as standard contractual clauses. It is unclear at this stage what form the UK law will take though many hope that from exit the UK will adopt a data protection law which is at least broadly similar to the GDPR.
Many companies operating across multiple jurisdictions will feel that the best course of action is to continue to prepare for the GDPR. The GDPR represents current good practice. It will apply to their EU affiliates and other establishments in any event. There is also an expectation that a data protection regime which imposes similar requirements to those in the GDPR is fairly likely, though not certain. In addition, it also seems likely that the GDPR (as a directly applicable Regulation) will apply in the UK before the effective date of the UK’s exit.
Read our full article on the likely impact of Brexit on UK data protection legislation in our Brexit Law section here.