The government confirmed last month that it will be implementing the General Data Protection Regulation (GDPR) in May 2018. Secretary of State, Karen Bradley MP confirmed to the Culture, Media and Sports Select Committee at the end of October that:
"We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and look at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public".
In short, all UK based businesses that process data relating to EU citizens will need to comply with the GDPR by 25 May 2018. The confirmation may come as a relief to those who have already invested considerable time in preparation for the GDPR and companies should continue to prepare as they have been.
Elizabeth Denham, the UK Information Commissioner, has confirmed that within the next month, the ICO will publish a revised timetable setting out the areas of guidance that it intends to prioritise over the next six months.
It remains unclear how the GDPR will work after the UK has left the European Union. The Information Commissioners Office has stated that it will be working with the government to 'stay at the centre' of the conversations on what the long term future of UK data protection law will look like.
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at November 2016. Specific advice should be sought for specific cases. For more information see our terms & conditions.