Article

Brexit creates questions over privacy rules

Privacy Flash | Audit & Enterprise Risk Services | July 2016

Concerns from a data protection perspective

On 23 June 2016, the UK held a referendum to decide whether or not to remain a member of the European Union, which resulted in a win for the “Leave” camp. From a data protection perspective, there are some concerns that an eventual “Brexit” might disrupt the data flows for international businesses.

If the UK were to leave the European Union, it would most likely put in place a legal framework that reflects the provisions of the GDPR. In order for the UK to continue to trade with the EU on equal terms, the UK Information Commissioner’s Office (ICO) confirmed that it would seek recognition as an adequate jurisdiction. This would entail that the UK would adopt data protection standards equivalent to the GDPR, which would allow for a continued free flow of personal data between the EU and the UK.

Much will depend on the next steps taken by the UK. Should it decide to exit the EU, it needs to follow the formal legal procedure set out in Article 50 of the Treaty of the European Union. This procedure takes a minimum of two years, which means that companies still need to prepare for the entry into force of the GDPR on 25 May 2018.

This article has been published in the Deloitte Privacy Flash of July 2016

Discover earlier versions of the Privacy Flash:

Did you find this useful?