Brexit and the GDPR: What You Need to Know

On June 23, 2016, barely two months after the EU parliament approved the General Data Protection Regulation, the United Kingdom voted to leave the European Union. In the aftermath of a decision that shocked the world, many questions were raised regarding the legality of withdrawing from the EU.

One question in particular kept coming up.

Does the GDPR still apply to UK companies?

“One in four businesses in the UK say they have cancelled all preparations for the EU General Data Protection Regulation,” reports an article from Information Age. A higher percentage of companies have perhaps started preparations, but “a massive 44% of those surveyed said they didn’t think the regulation will apply to UK business after Brexit.”

Recent studies, surveys, and statistics coming from the UK show that many aren’t worried about the GDPR now that Brexit is certain. But it’s too soon—and far too careless—to write off the GDPR as a regulation you don’t have to follow.

The question “Does the GDPR still apply to UK companies?” is broad in scope. It’s better to break it into two separate questions.

1. Will the GDPR apply to UK companies BEFORE Brexit finalizes?

Though the GDPR was approved in 2016, businesses have been given two years to become compliant with its requirements. This transition period officially ends on May 25, 2018. Companies must be compliant at that time or face steep fines and penalties (up to 20 million pounds or 4% of annual turnover, whichever is higher).

The UK is set to finalize its departure from the EU sometime in 2019, probably in March 2019, which is at least ten months after the GDPR becomes enforceable. Since the UK will still be a part of the EU in May 2018, UK businesses must meet all compliance requirements at that time. No exceptions.

2. Will the GDPR apply to UK companies AFTER Brexit finalizes?

Okay, you’re thinking, I only have to comply with GDPR until March 2019, and then I can stop, right? Well, not quite, for two different reasons.

Even after the UK fully exits from the EU, the GDPR applies to all companies that process or store the personal data of EU citizens. This includes companies located anywhere in the world, so if your company has EU clients or processes EU citizens’ data, the GDPR still applies to you, and so do its fines and penalties if you fail to comply with its requirements.

The UK government has also spoken up about the future of the GDPR after Brexit. Phil Lee, partner at Privacy, Security and Information law group in London, writes: “The UK government has signalled that, in order to provide continuing legal certainty for citizens and businesses, all existing European law will essentially be ‘copied and pasted’ into UK law … by the time the UK leaves the EU.” This most likely includes the General Data Protection Regulation, which Lee guesses will simply be renamed as an act but encompass the GDPR’s requirements and legalese.

Furthermore, Lee encourages UK businesses to be more vigilant than ever about meeting compliance requirements, as they’ll “most likely need to comply with both UK and EU data protection law.” So while Brexit is set to bring about many changes for UK-based companies, being off the hook for full compliance isn’t one of them.

What should you be doing right now?

Prepare, prepare, prepare. The deadline for complete GDPR compliance is fast approaching, and the penalties and fines are far too steep to ignore.

To help businesses ready themselves for May 2018, we’ve put together two resources covering everything you need to know about the General Data Protection Regulation. Check them out!
