Brexit means GDPR and unhindered data flows

Minister of State for Digital and Culture Matt Hancock reaffirms that Britain wants data flows, but little else.

The European Union’s General Data Protection Regulation (GDPR) comes into force in May 2018. These new rules will change how many companies in the UK and EU handle data. But quite what the UK’s data protection and data flow agreements will look like once we officially leave the EU, however, is unclear.

Speaking at the House of Lords EU Home Affairs Sub-Committee Matt Hancock MP, Minister of State for Digital and Culture, continued the Government’s refusal to clarify how things will look post Brexit.

Hancock reaffirmed that the UK will implement GDPR in full between it coming into force in 2018 and whenever the UK officially leaves the European Union. He said the UK was heavily involved in its creation and that it was a “good piece of legislation” on more than one occasion.

Aside from that confirmation, there was little else to reassure businesses or anyone else concerned about data protection.

“We are keen to ensure data flows are unhindered. I’m not going to go into the details of how we do that [while negotiations are yet begin]”, he told the committee.

Hancock was asked repeatedly about the goals of the Government post-Brexit regarding data protection, but he largely refused to answer or even speculate.

He cited Prime Minister Theresa May’s position that there would be no ‘running commentary’ of negotiation standpoints, and wouldn’t acknowledge if there is a contingency plan if the UK can’t get its preferred data flow agreements.

“The morning we leave the EU its important our data rules work. We’re starting from a position of harmonisation [because we’re implementing GDPR in full].”

On the subject of staying aligned with GDPR – something which many experts have claimed is key to retaining access to the digital single market – if the EU updates the regulation, Hancock said any decisions would be made in “in the future depending on what those changes are”.

On the subject of Privacy Shield – the agreements that govern data transfer between Europe and the US – and what the UK will have to arrange, he said he was “confident we can come to a successful agreement to achieve the same unhindered flow of data we have now.”

Brexit means Brexit, but what else?

The Government’s continued stance not to give any details about what a post-Brexit landscape will look like, or even what they would like it to look like, is a problem. Given the globalised nature of the technology world, even admitting that sticking as close to GDPR and Privacy Shield as possible – something that will be highly desirable for many, if not most, international companies – would offer some reassurance.


Also read:
Who will GDPR hit the hardest?
UK needs to align with GDPR, even post-Brexit
GDPR: The World needs “at least” 75,000 DPOs
Is the EU-decreed DPO the next big IT role?
GDPR hangs heavy over Europe
EU finally approves GDPR
EU GDPR: Why are firms lagging on preparation?
EU privacy law to require opt-in and make data processors share in responsibility
It’s UK versus Europe in the battle over data protection