Written August 9th 2017
This week, the UK government published details of its Data Protection Bill which will enshrine the EU’s General Data Protection Regulations (GDPR) into UK law (here).
The new legislation will become effective in May 2018, when the GDPR comes into force across Europe. The potential penalties for breaching the new data law are severe: up to 4% of global turnover or €20m, whichever is the greater. The EU recently hit Google with a fine of €2.4 billion over alleged market dominance abuse, so national data regulators won’t be shy of imposing big fines on companies that break the new laws.
Unfortunately, the documents published by the UK government with the announcement of the new Bill has precious little to say about Brexit and data flows. The only real reference reads:
“Unhindered flow of data, therefore, is essential to the UK forging its own path as an ambitious trading partner. That is why the government will be seeking to ensure that data flows between the UK and the EU, and also appropriately between the UK and third countries and international organisations, remain uninterrupted after the UK’s exit from the EU. Cooperation with the UK’s law enforcement and security partners, both in Europe and beyond, will also remain a priority.”