It is likely that the claims sector will still have to prepare for the EU’s General Data Protection Regulation (GDPR), or an equivalent law, despite the UK’s decision to leave the EU.
Verso group has warned that there is a strong possibility that the law may still come into force domestically.
Although the Information Commissioners Office (ICO) has been non-committal on the subject, it has said that if GDPR is not adopted then a UK Data Act will have to match it. The ICO has explained that if the UK wants to trade with the Single Market on equal terms then it would have to be able to demonstrate that it had data protection standards that were equivalent to the GDPR.
In addition, adoption of GDPR is already written into UK law by Parliament, and unless it is repealed it will come into being in less than two years, which will be well within the time it will take to conclude a new trade agreement with the EU.
“Given that it is written into statute to become law with no indication that it will be withdrawn, plus the fact that any type of EEA based deal is almost certain to require its implementation, the least companies should do is plan for it,” said Dene Walsh, director of operations and compliance at Verso Group.
“It may help to approach the question purely from a monetary perspective. How much will it cost to be ready for GDPR vs. a fine from the ICO and damage to reputation. Given the draconian powers the ICO will have under the EU law, and heightened sensitivity of consumers to data breaches it may be best to be prepared come May 2018,” he added.