There’s been a common misconception with UK businesses thinking that the new EU data protection laws will not apply to them due to the UK moving towards Brexit. However, this is not the case. GDPR will apply from 25 May 2018, which is prior to the date that the UK is due to formally exit the EU, meaning the UK will still formally be part of the EU and you will still have to comply, at least for the time being.
A survey of 408 IT decision makers at UK companies found that 44% of UK businesses do not believe the GDPR will apply to UK companies once the UK formally exits the EU.
If you think GDPR won’t apply to you and your business, you could be wrong. GDPR should be on the minds of every organisation who deals with European data. However, not every organisation who controls or processes personal data is subject to GDPR. It depends on the nature of the organisation, so it's important to know where you stand.
The UK government delivered a formal notification to the EU of the UK's intention to leave the EU under article 50 of the Treaty on European Union recently, beginning a two-year process of withdrawal from the trading bloc, subject to an extension which must be agreed by all member states.
Even if the UK decides post-Brexit to change data protection laws relating to the processing of UK citizens' personal data, UK businesses would continue to be subject to the GDPR when processing the personal data of EU citizens.
The UK government has previously confirmed it will adopt the GDPR despite moving forward with plans for Brexit. However, research by information management company Crown Records Management revealed that 24% of UK businesses have stopped planning to achieve compliance with the General Data Protection Regulation (GDPR).
This is a worrying number of UK businesses with a lack of plans for dealing with GDPR. The GDPR will require organisations to disclose major data breaches, including those stemming from cyber-attacks, to data protection authorities and affected customers.
It’s extremely important that you understand and comply with GDPR law if you’re a UK business dealing with European data. For more information about GDPR and what you need to do next, visit www.metacompliance.com/gdpr.