The EU’s General Data Protection Regulation (GDPR) is coming despite Brexit, bringing substantial change that is better suited to tech behemoths like Facebook and Google, says a legal expert.
GDPR will significantly impact businesses’ approach to data privacy compliance and will likely require major changes in the way organisations collect, use, handle and store personal data, according to law firm and insurance specialists DAC Beachcroft.
Currently, the UK is operating with a “very outdated law, that doesn’t really work particularly well for the environment that we are in today,” but the new changes risk going too far, according to Jade Kowalski, senior associate at the firm.
“We are now, possibly cynically, going too far the other way, and we’re going to be working with a law that actually also doesn’t really work for the world we are living in today, because it’s aimed at Facebook and Google, and those types of organisations, and it doesn’t really fit very well with what the rest of us do,” Kowalski said at an MGAA market briefing in London this week.
The incoming legislation, which takes effect on May 25, 2018, is an attempt to harmonise European data protection law, which is currently a “patchwork of national legislation” in each member state.
“The grand theory behind it is that we would have a regulation which would apply directly, and equally, in each member state, and life would be much easier,” Kowalski commented.
However, there are “50 or so areas” in which the regulation leaves final interpretation to each member state to make its own decision.
While the UK is working out its exit from the European Union following last year’s Brexit referendum vote, it won’t escape compliance with the GDPR, said Kowalski.
“[GDPR] will be applicable despite Brexit, for a number of reasons, but we finally have some clarity in terms of our position around the UK Data Protection Bill, which will write the GDPR into our national legislation,” she explained.
“Which means that for the short to medium term, until someone decides to re-look at it, we will have the GDPR as it stands, with the layer of those 50 or so areas where the UK can choose to implement its own rules.”
Related stories:
New data protection laws to have “considerable impact” on insurance industry
Allianz Worldwide Partners UK appoints legal & compliance head