Tech industry warns against Brexit divergence from GDPR

The UK tech industry has warned pro-Brexit ministers that breaking away from GDPR will damage Britain’s status as a European leader for tech hubs.

The members of TechUK have said they have no desire to diverge from the EU’s forthcoming data security laws because there is no proof that the move would impact upon UK trade deals, and because so much investment has already gone into GDPR compliance.

Julian David, chief executive of the tech industry’s leading lobby group, has written an open letter to the International Trade Secretary, Liam Fox, underlining how adherence to EU legislation would not prevent Britain from sourcing post-Brexit trade deals.

In the letter, Mr David described how Britain will not gain a competitive advantage over the rest of Europe’s tech sector if a step away from the GDPR is taken, in spite of Brexiteer hopes to the contrary.

“We would caution against the misunderstanding that adherence to the EU data protection regime is incompatible with securing high-quality trade agreements,” Mr David said in the letter, as reported in the Telegraph online.

Pro-Brexit ministers have been pushing for more divergence in the application of Brexit, with opportunities for more creative implementations of the breakaway being proposed for the tech industry.

By contrast, the TechUK has praised the Department for Digital Culture, Media and Sport for embracing the General Data Protection Regulation which will become law in Britain on May 25th of this year.

The GDPR will tighten approaches to data privacy, forcing companies around the world to exercise far greater diligence when processing the data of EU-based individuals.

The new legislative climate will be driven by higher standards of consent, and organisations will have to gain permission to use the information of employees and customers alike in a far more stringent, GDPR-compliant way, at the risk of facing stiff penalties.

Firms guilty of a data breach could be hit by fines of up to 20 million euros, or 4% of annual turnover, whichever is greater. Breaches will also have to be reported to relevant supervisory authorities within 72 hours of them being discovered.

Recognising how much time and effort its members have been putting into preparing for these new laws, TechUK feels that compliance with the GDPR is essential to developing the UK’s position as a global tech and data hub.

Chris Mayers, chief security architect at tech firm, Citrix said:

“The GDPR will do far more than strengthen data privacy rights. The regulation will set a high bar for responsibility and accountability – and not one that every business will meet. While many British organisations are taking steps to achieve compliance in time for the May 2018 deadline, our research clearly reveals some significant obstacles, including uncontrolled data sprawl and lack of understanding around data ownership.

“Ensuring data privacy processes and systems are in place – from privacy by design to privacy by default – requires an organisation to know exactly where their data is and who can access it. Yet many are losing sight of data, spread across multiple systems and shared with multiple partners, while also struggling to scale up to store and control the huge influx of personal customer data they receive today.”

The journey to compliance

Citrix research finds that almost two fifths (38%) of British businesses acknowledge that they are not ready for the GDPR, either admitting that current control access policies are insufficient to comply with the regulation, or they have ‘no idea’ whether they meet the regulation’s standards or not.

All the issues surrounding the GDPR will be discussed at depth at GDPR: Conference Europe, Roadmap for Sales and Marketing, coming to 200 Aldersgate on March 8th.

Supported by Henley Business School at the University of Reading, GDPR: Conference Europe is a one-day event packed with insight from leading UK authorities on the forthcoming legislative changes.

Featuring ten keynote presentations, live panel discussions, and case studies, delegates will benefit from specialist guidance, discover actionable steps to compliance and much more.

To see GDPR: Conference agenda or to book tickets, click here.


European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.