As with so many legal issues relating to Brexit the position relating to data protection is not entirely clear. Data protection in the UK is undergoing a complete overhaul with a new European Regulation (GDPR) which has been approved and is due to come into force throughout the EU on 25 May 2018.

Its remit is to create strong data protection laws for Europe’s 500 million citizens and streamline legislation between the 28 member states pushing a digital single market.

It will have considerable impact upon businesses, particularly those who deal with consumers who will need to look afresh at how they collect data, what they do with it and what permissions they have. The GDPR changes what is ‘consent’ and introduces compulsory data breach notification, the right to be forgotten and percentage of turnover fines.

The big question at the moment, however, is not how to get ready for the GDPR but whether it will be necessary at all now that the UK has voted to leave the EU.

If a UK business trades in the EU and offers goods or services to individuals in the EU, the new regulations are still relevant even though we have now chosen to leave the EU. It will also continue to apply if a UK business monitors the behaviour of individuals in the EU – this could even extend to the use of cookies.

If a business trades only in the UK, the issue is less clear as the UK Government may choose to include equivalent legislation anyway. It is generally accepted that the data protection laws are out-dated and even though we have decided to leave the EU, it’s likely that data protection will not stay the same for long.

Our data protection specialists can offer you expert legal advice on what Brexit means for your business. For more information, please phone 0370 1500 100 or send our Referendum team an email with any questions.


Key Contact


Joanne Bone – Partner, Data Protection
Telephone: +44 (0)113 218 6429
Mobile: +44 (0)771 088 3924
Email: joanne.bone@irwinmitchell.com

Click here to view Joanne’s full profile


Share On: