The uncertainty over the future of the UK’s data protection laws looks set to continue.
In her first speech in her five-year term as Information Commissioner, Elizabeth Denham has acknowledged that when the UK leaves the EU in 2019 or later, there will need to be new UK data protection legislation.
One thing that is certain is that the EU General Data Protection Regulation (GDPR) will apply to all EU member states from 25 May 2018. All UK companies that wish to do business in the EU after that date will need to comply with GDPR.
However Denham says that it is up to the UK Government to decide what data protection rules apply to companies that only operate in the UK ‘both in that middle period from May 2018 to whenever the UK formally leaves the EU, and beyond’.
She adds ‘We’d all like a concrete answer about the specific outlines of post-Brexit data protection law. We know businesses don’t generally like uncertainty. But in the end, it’s Government that will have to decide’.
Denham says that she is in active discussions with ministers and senior government officials on post-Brexit UK data protection legislation, which she believes should be ‘developed on an evolutionary basis, to provide a degree of stability and clear regulatory messages for data controllers and the public’.
Let’s hope the Government consults with all interested parties, including the direct marketing industry, to ensure that the new data protection legislation is sensible and workable.
After all, whatever else Brexit may mean, it must mean an end to excessive bureaucracy if the British economy is to thrive in the coming years.