Why Brexit will not mean freedom from GDPR obligations

Although national media is currently focusing on other major issues, big questions are still unanswered about what will happen once the Brexit transition period ends on 31 December 2020. EU laws will cease to apply to the UK after that date, including GDPR, a ruling that compels companies to take better precautions when handling the data of EU citizens.

But whatever agreement is finally reached, firms everywhere will still be affected by GDPR, as the law applies to EU citizens’ data regardless of where the company that handles it is based. British firms will still be compelled to handle data in a proper matter in order to continue doing business with the EU.

Most users only know about GDPR because they have been forced to click through endless annoying pop-ups about cookies when visiting websites. But behind the scenes many companies have had to rethink their approach to data that simply couldn’t be done without strong legislation.

In nearly all cases, this new approach has been a positive step forward for business confidence and all-round security, even if the initial transition has been difficult for some firms.

In a short eBook produced by Kingston Technology, five experts in data protection and cyber security outline how business data protection has improved in the two years since GDPR legislation was introduced.

This includes technical solutions:

  • Two-factor authentication
  • VPNs
  • Encrypted USB / SSD

As well as changes to company mindset, such as:

  • Changes to staff training
  • Hiring of Data Protection Officers (DPOs)

It makes no sense to backtrack on any steps that have been taken to comply with GDPR just because the UK has left the EU. Not only will these measures still be a legal requirement for companies, but improving the secure handling of data is simply good modern business practice anyway.

When GDPR came into force, the transition was easiest for those firms that had already developed good policies for handling data sharing securely and making good use of encryption, and hardest for those with poor attitudes.

The post-Brexit period could well be the same. Firms should stay committed to best practice in secure data handling, regardless of customer location, while those that cease to take it seriously could face big problems further down the line.

By Rob Allen, Director Marketing & Technical Services at Kingston Technology.


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.