The Impact Of Brexit On Implementation Of The GDPR In The UK

Kim Roberts
King & Spalding
Contact
LinkedIn
Facebook
X
Send
Embed

As many of you will have read in the international press, the British public has voted at an historic referendum to leave the European Union.  There are wide-ranging implications for many areas of law, the economy and government as a result of the decision.  These challenges must be worked through, and so far there is a significant lack of clarity on many of the implications of the vote.  King & Spalding already has updated our clients in general terms on the potential impact of a British Exit (“Brexit”) via the Firm’s client alert on Brexit.  In the meantime, what is the likely status of the General Data Protection Regulation (GDPR) as a result of Brexit?  Please read this article as a high level summary to be read in conjunction with our broader Brexit client alert. 

The GDPR is an EU Regulation.  Regulations rely on the principle of direct effect, which means that they are directly implemented into the law of each member state without the need for domestic legislation and have immediate effect.  The GDPR is due to come into force in April 2018 and will have direct effect in each EU member state.

The UK has now voted to leave the EU.  It will take some time to achieve the exit from the EU – the likelihood is that it will happen from mid to late 2018.  It is currently very unclear what form the Brexit may take, so we cannot make any actual predictions in particular on specific pieces of legislation.  It is unclear whether the Regulation will be implemented at all in the UK, as the Brexit will occur in the same year as the anticipated implementation of the GDPR, and the Regulation can only have direct effect in EU member states.

We anticipate that the UK Parliament will consider the implementation of any legislation which is pending in advance of an actual Brexit.  Parliament may decide to effect the implementation of the GDPR by way of an independent UK statutory instrument.  This may mean that the GDPR is adopted in its current form in the UK.  Alternatively, a different version of the GDPR may be adopted in the UK – potentially a more likely scenario, as the UK has traditionally (where it has been able to do so) not always chosen to implement the most stringent versions of European law.

So far there is little clarity around what kind of future relationship the UK will maintain with the European Union or how this will be implemented and regulated.  Unsurprisingly, there is currently no specific comment on the future of the GDPR in the UK.  For the meantime, the UK maintains its current regime around data protection law, having implemented its own domestic legislation compliant with the existing EU Data Protection Directive as applicable across the European Union.  King & Spalding will keep our readers up to date as we learn of developments which affect our DPS practice.

Written by:

King & Spalding
King & Spalding
Contact
more
less

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide