Remarkably, there is one thing that is most likely to remain (pun intended) unaffected by the majority decision of the country’s voters to leave the European Union, and that is the way the UK does data protection.
The forthcoming EU upgrade to its own data protection legislation, the General Data Protection Regulation (GDPR), is now on the table in finished form and will need to be fully implemented by all member states by mid-2018. This will happen irrespective of any moves by the UK government to leave the EU. The anticipated date for Brexit is also roughly 2018.
In 2015, 44% of UK export trade was with the EU, and unless that changes dramatically, the UK will continue to rely on the EU for a significant portion of its income. That being the case, we’ll be obliged to comply with the GDPR when working with our European partners. As we’ve all been preparing for the GDPR for some time now (you have, haven’t you?), that will need to continue.
But what about the rest of our business with the rest of the world?
For that, we currently rely on the Data Protection Act, but, despite holding up well after 18 years of service, it’s in need of an upgrade too. New UK legislation will take time to plan and enact, and with other things on the government’s collective mind, it makes sense to focus firmly on the GDPR as a predictable and desirable end point.
The government is most likely to aim to produce a new British version of the Data Protection Act, either agreeing regulations on a country-by-country basis, one for each new trade agreement, or it could enact a single overarching one-size-fits-all law that will apply to all our new trade deals, across the board.
The former would be a needless burden on business and quite at odds with the usual stance on ‘red tape’. The latter approach could lead to the creation of a weakened set of regulations or guidelines, designed to promote new business by minimising legal encumbrances. However, weak regulation would mean that businesses in the UK would then still have two sets of data protection regulations to apply, possibly poles apart in quality. To avoid confusion, the legislation for the rest of the world cannot be weak – in other words, it will need to look reasonably similar to the GDPR.
So, we come to the inevitable conclusion that to retain a significant portion of our trade with Europe, smooth the path of new business in this post-Brexit era, and keep the burden of red tape to a minimum, there is one thing that a post-Brexit UK certainly cannot do without. That is, somewhat ironically, the EU GDPR.
Dave Wonnacott is senior data developer at The Real Adventure Unlimited
This advertisement feature is brought to you by the Marketing Agencies Association, supporters of the Guardian Media & Tech Network’s Agencies hub.
