As a Brit who thinks our country is great, but also a European who spends a large part of his time travelling around the continent, I was shocked to find that the UK electorate voted to leave the European Union! If I’m honest with myself, I didn’t see it coming. My general impression of the British public is that, on the whole, we are conservative with a small “c” and typically vote to maintain the status quo: the grass is very rarely greener…
I’m still trying to assess the consequences the decision will have on our everyday lives. Will it mean a cooling of business confidence in the UK economy? Will it lead to restrictions on the free movement of people, thereby impacting the attractiveness of the UK as a study destination? Will a cool economy and free movement restrictions negatively impact our ability to attract top talent in the areas of finance, pharmaceuticals, professional services, and other industries?
There are a lot of unanswered and maybe unanswerable questions at this early stage, but one area I feel certain will not be significantly impacted is the need to comply with the new EU General Data Protection Regulation (GDPR). For larger organisations that operate internationally, holding data about EU citizens means that they must comply with GDPR. And since “Brexit” will probably occur after the GDPR comes into force in 2018, UK organisations must still put into place internal policies and safeguards to ensure GDPR compliance.
To my mind, with its extensive requirements around data subject consent, data breach reporting and privacy by design, the EU GDPR will become the “gold standard” for the protection of consumer data and the UK will inevitably enact GDPR-equivalent legislation. If the UK wants to continue doing business with the EU, we will need to prove “adequacy” of data protection. Providing a uniform approach for multinationals working out of the UK and other EU member states will be both practical and beneficial.