Businesses must adhere to EU data regulation despite Brexit
The UK has decided to leave the European Union but that does not absolve businesses from adhering to impending European regulations.
That’s the view of Sean Crotty, partner at law firm Weightmans.
In 2018 the EU General Data Protection Regulation (GDPR) will come into force and will have direct effect in every European country.
It represents the biggest change in relation to data protection regulation in the UK since 2000.
Many of Britain’s data professionals mistakenly believe the Brexit decision means they will no longer be affected by the impending regulation.
“For people who don’t know, the law is going to change in May 2018 and we’ll still be in the EU because we haven’t triggered Article 50,” Crotty said at the International Festival for Business.
“That is pan-European data protection legislation. The law will apply with direct effect and we have to adhere to that.
“When we come out there is a question mark as to how we deal with that but something to bear in mind is at the heart of that pan European law states if you’re dealing with European nationals, you’re supplying services into Europe, you have to comply with that no matter where you are in the world.”
Richard Hough of Brabners agrees that Brexit will not save companies from the new measures if they are doing business with those inside the Union, nor those otherwise outside the Union doing business within, such as US companies.
Crotty is a partner in Weightmans’ commercial team, with particular experience in data protection, IT, intellectual property, media and entertainment matters.
He advises many high profile clients within the public and private sectors on a wide range of data protection, privacy and cyber issues, including insurers and insurance related bodies, IT companies, data providers, local authorities, PCTs, universities, housing associations and police authorities.
The lawyer warned all businesses needed to be aware of the legal implications of how they handle data.
“Big Data is data,” he said. “From a black and white legal perspective there’s a difference between personal data and non-personal data.
“When you’re dealing with personal data within Big Data the regulatory regime is a lot more onerous.”
A legal expert told a BusinessCloud Internet of Things roundtable before the Brexit vote that the EU regulation will still have to be adhered to if Britain opted out - and that consent for data to be collected and used by companies will have to be explicit rather than vague in 2018 and beyond.