After many years of debate, the European General Data Protection Regulation (GDPR) has finally been agreed and passed and 25 May 2018 date has been set for its implementation.
While the impact of Brexit is currently uncertain, it is highly likely that the UK will continue to implement the GDPR in the short term and would need to maintain a law similar to the GDPR in the longer term. Statements from the UK Information Commissioner’s Office (ICO) before and after the referendum have supported that view. Therefore, irrespective of whether or not your organisation has operations in other EU Member States (so that GDPR compliance would be required in any event), we recommend continuing with GDPR compliance projects as planned.
On the assumption that the GDPR (or something very similar) will apply in the UK, in this document we discuss the key areas of reform in the GDPR and what it means for businesses from a UK law perspective.