back to article EU GDPR compliance still a thing for UK firms even after Brexit

Many UK businesses will still face the burden of complying with recently introduced EU data protection rules even after Thursday's historic Brexit vote. UK businesses will be subject to the upcoming GDPR (General Data Protection Regulation), which comes into effect in April 2018, regardless of the EU Referendum result, …

  1. Voland's right hand Silver badge

    This is based on the assumption UK is considered a "safe" destination

    I would not be so sure that this assumption holds after a Brexit.

    1. Anonymous Coward
      Anonymous Coward

      Re: GDPR and Brexit

      The Regulation and its enabling Directive has to be in place on the statute Book by 25 May 2018. We may not have left the EU by then. Article 50 of the Lisbon treaty states

      Article 50

      1. Any Member State may decide to withdraw from the Union in accordance with its own constitutional requirements.

      2. A Member State which decides to withdraw shall notify the European Council of its intention. In the light of the guidelines provided by the European Council, the Union shall negotiate and conclude an agreement with that State, setting out the arrangements for its withdrawal, taking account of the framework for its future relationship with the Union. That agreement shall be negotiated in accordance with Article 218(3) of the Treaty on the Functioning of the European Union. It shall be concluded on behalf of the Union by the Council, acting by a qualified majority, after obtaining the consent of the European Parliament.

      3. The Treaties shall cease to apply to the State in question from the date of entry into force of the withdrawal agreement or, failing that, two years after the notification referred to in paragraph 2, unless the European Council, in agreement with the Member State concerned, unanimously decides to extend this period.

      4. For the purposes of paragraphs 2 and 3, the member of the European Council or of the Council representing the withdrawing Member State shall not participate in the discussions of the European Council or Council or in decisions concerning it.

      A qualified majority shall be defined in accordance with Article 238(3)(b) of the Treaty on the Functioning of the European Union

      [ which says:

      3. As from 1 November 2014 and subject to the provisions laid down in the Protocol on transitional provisions, in cases where, under the Treaties, not all the members of the Council participate in voting, a qualified majority shall be defined as follows:

      (b) By way of derogation from point (a), where the Council does not act on a proposal from the Commission or from the High Representative of the Union for Foreign Affairs and Security Policy, the qualified majority shall be defined as at least 72 % of the members of the Council representing the participating Member States, comprising at least 65 % of the population of these States.]

      5. If a State which has withdrawn from the Union asks to rejoin, its request shall be subject to the procedure referred to in Article 49.

      Amid the chaos that accompanied the result, my understanding is that the new PM willl commence negotiations with EU formally, in October. Due to the shenanigans of our politicians it's not even clear whether we've notified the EU Council of our intention to leave [see Article 2 above]. So we are still liable for all the obligations under the various EU Treaties until we leave [see Article 3 above], including being taken to Court for failure to implement legislation The GDPR will be but one of approximately 50,000 pieces of legislation that the Parliamentarians will have to decide whether to keep, revise or discard, when they get themselves sorted! My personal view that as we wish to trade with the EU then it will be kept as is, as its predecessor Directive 95/46/EC was implemented by Switzerland and Norway who have meet EU data protection requirements as well as other pre - requisites as part of their Trading agreements with the EU. [They also could make no input to the directive]

      Effectively we're in a mess and who got us there? Possibly people telling porkies?

      1. Anonymous Coward
        Anonymous Coward

        Re: GDPR and Brexit

        The PM has announced that upon Brexit day in April 2019 all EU legislation in place will remain on the Statute book . This EU legislation will then be “britishcised”. Also after April 2019 we will be no lnger subject to the European Court of Justice. Someone forgot to tell her about the thousands of Irish domiciled in the UK and the Irish Nationality and Citizenship Act 2004. This means that there could be thousands of EU Citizens here who can vote, have dual nationality and are are EU citizens. What happens if these people’s data is not handled by an org as per the GDPR sometime later. They then raise it with the commission who drag the UK government before the European Court of Justice. The case is found again the UK government 'in absentia', who refuse to pay the fine. The money is then levied on every UK government institution in the EU who will have to pay, from the War Graves Commission upwards.

        A horrendous mess! As it stands the org gets off scot-free.

        It seems as though the GDPR will be with us until the EU changes it!

  2. Anonymous Coward
    Anonymous Coward

    > "Installing protocols, such as encryption and two-factor authentication, has never been simpler, and is becoming the standard expected by consumers and businesses," he added.

    Does he mean HTTPS and Captcha? ;)

  3. Matt Bryant Silver badge
    Facepalm

    Pop!

    "....EU citizens...." Yeah, that is the scope of the EU GDPR - EU only. So an UK-based company bidding against an EU-based company for a project concerning EU citizens' data is no more constrained or disadvantaged than the EU-based company will be. However, any EU-based company bidding for data storage for a customer outside the EU (such as hosting the DR center for a company based in the US) will have to comply with the EU rules, but an UK-based company would not, and therefore might have a business advantage in those cases (along with the existing advantage of speaking English as a first language). So, no actual penalty to UK companies in EU opportunities, but possible advantages for UK companies looking at opportunities from the rest of the World. Sorry, was that the sound of another Remain bubble bursting?

    1. Lars Silver badge
      Happy

      Re: Pop!

      Why stop there, why not become the 51st state of the USA.

      1. Disgusted of Cheltenham

        Re: Pop!

        Four more provinces of Canada would be a much better fit.

        Can whole countries claim asylum?

    2. Doctor Syntax Silver badge

      Re: Pop!

      "Sorry, was that the sound of another Remain bubble bursting?"

      Well, it was the sound of something. Please flush and remember to wash your hands.

    3. James 51

      Re: Pop!

      This sounds a lot like 'Our cars are cheaper because we don't need seatbelts.' style of argument.

    4. jonfr

      Re: Pop!

      "[...] Sorry, was that the sound of another Remain bubble bursting?"

      Consider this. No business by EU based companies in the UK (or England as it's going to get renamed to). All the money just going somewhere else.

    5. MonkeyCee

      Re: Pop!

      I'm not sure "we only speak English" is a business advantage. Most American's are at least partially bilingual, and turns out so are most of the EU. Most people who speak English as an additional tongue (it's somewhere between 2nd and 4th language around my neck of the woods) actually speak it more correctly than the natives. But that's a consequence of actually being taught grammar, sentence structure and whatnot as part of all schooling, even in the vocational areas.

      Your example is utter bollocks. Either the UK company is spending the time and money to comply with EU data regulations, which is the equivalent to staying in the EU, and is therefore at zero advantage over any other EU company; or it's not complying with the EU regulations, is excluded from the EU market, and intends to make up this difference with the US. So I'm lost how this is any advantage.

      The main advantage of the UK company is that its attached to a different currency than the EU company. Since it's clear that the UK needs to devalue the pound, experience a recession while the negotiations with the EU take place* (~5 years? 2? 10? Fuck knows?) and then make a decision based on the *actual* terms of a separation, rather than the lies given by BJ and Farage, paying a UK company is probably a great plan. And as long as the UK company can buy all of it's kit manufactured in the UK, from UK sourced raw materials then it'll all be peachy.

      Leave may well work out for the UK in the medium and long term. Just being in the EEA will mean that the UK will still have much of the same benefits, will have to pay *more* into the EU than currently, and will have little to no say in the EU legislation process, whilst needing to comply with the majority of the decisions.

      The regions that have been left to rot by Whitehall, that are currently being regenerated by EU funds, will be abandoned once again. The people who used this as a protest vote against the government are only going to get screwed more, and then be given another scapegoat. Just hope next time ends up with less political terrorism by the leavers.

      * It took 2 years for Greenland to negotiate the EU exit. With a population of 55k and a single export good type..

  4. asdf

    >Why stop there, why not become the 51st state of the USA

    And here in Yank land we have Michael Moore trying to talk us into the joining the EU in the UK's place. Yeah good luck with that one.

    1. Tomato42
      Meh

      honestly, I see Turkey meeting the requirements earlier...

  5. rravq

    Replying to Matt's comments. He is correct in his comments and anyone not seeing the benefits of brexit with respect to the EU 2016 data directive must think that every UK business does business with the EU. The vast majority don't. The EU are demanding the implementation of the right to be forgotten and also the right of deletion. We deal with countries outside the EU, and I can tell you that many people feel that these changes may actually be incompatible with their local laws. Being outside the EU means we can deliver systems on the basis of our customer's requirements, which obviously gives us a significant advantage over the IT solutions providers in the EU. Just think about all the e-commerce requirements in South Africa, Asia and North America that can't be delivered from the EU as a direct result of this directive. Those countries don't like unelected officials in the EU determining their data requirements. If you're based in the EU you have to fully comply with the directive regardless of who you do business with. And I've been told the fines are up to 4% of your worldwide (not EU) turnover. Brexit!! you should be thinking we are lucky to have escaped from it.

  6. anonymous boring coward Silver badge

    What?

    I thought Brexit would result in us all just leaning back in our chairs. Not a worry in the world. Even a liquid lunch might be back on the agenda?

    I demand a new referendum!

  7. Susannah

    GDPR will still impact UK business

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like