UK expects to 'opt in' to the General Data Protection Regulation, says culture secretary

Out-Law News | 02 Nov 2016 | 4:39 pm | 1 min. read

The UK will "opt in" to the EU's General Data Protection Regulation (GDPR), a senior government minister has suggested.

In a comment made in parliament, UK culture secretary Karen Bradley indicated that organisations can expect the GDPR to apply directly in the UK, at least for a time, despite the UK's move towards Brexit.

The GDPR was finalised earlier this year and is due to come into force on 25 May 2018.

Bradley said: "We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public."

In July, Baroness Neville-Rolfe, UK minister responsible for data protection at the time, admitted it was not certain if the GDPR would apply in the UK as a result of the Brexit vote.

The UK government has subsequently set out its intention to leave the EU in 2019. In outlining its plans for Brexit, the UK government has said it will introduce a 'Great Repeal Bill'. The Bill, once given effect, will remove the 1972 European Communities Act from the UK statute book and enshrine any EU laws in effect into UK law.

In September, UK information commissioner Elizabeth Denham said that it was likely that the GDPR would apply in the UK before the UK leaves the EU. She said, however, that if that is not the case or if the UK government decides to apply alternative rules to those in the GDPR post-Brexit, the UK rules would "still need to be deemed adequate or essentially equivalent" to the GDPR to preserve data flows between Europe and the UK. 

Denham said future UK data protection laws after Brexit "should be developed on an evolutionary basis, to provide a degree of stability and clear regulatory messages for data controllers and the public".

Data protection law specialist Annabelle Richard of Pinsent Masons, the law firm behind, said recently that businesses should take steps now to prepare for the GDPR taking effect if they have not already done so.