Despite the potential Brexit, the long awaited General Data Protection Regulation (GDPR) which is due to come into force on May 25, 2018 remains relevant to the UK, as the UK is highly likely to still be a member state of the EU at the date on which the Regulation comes into force. Even if the UK chooses not to retain the GDPR (whether in whole or in part) once it leaves the EU, as the UK data protection regulator (the Information Commissioner’s Office, or ICO) has stated: “if the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU's General Data Protection Regulation framework starting in 2018”.
UK businesses, therefore, should not be deterred from implementing steps in preparation for the new data protection regime; indeed, businesses should be encouraged to take these steps sooner rather than later.