It’s now been a long time since the noise over GDP came into started; over two and a half years. So why is there a load more noise?
First, because it hasn’t gone away; and the ICO are levying some big, headline grabbing files. They are, because they can; fines which were formerly capped at £500,000 are now capped at €20m or 4% of global turnover, whichever is the bigger. When British Airways was fined £20m, that was a reduction from what was initially indicated; but still, not small change, at a time when the airline industry is on its knees.
Then – Brexit. The UK was part of the EU in 2016 when the regulation was passed, and became part of UK law (that happened in May 2018). All EU countries were deemed to be compliant with GDPR, so data could be freely transferred between EU countries. That wasn’t the case with the US, so to allow data to be transferred to the USA, a separate treaty was enacted – EU US Privacy Shield. In July 2000 that was found to be illegal, so the authorities responsible for data protection law are scabbling around to find a remedy to allow data to continue to flow. No answers have been found yet. That’s a problem in itself, and a massive one. What’s it got to do with Brexit?
Post 31 December, the Brexit transition period will have ended, and the UK won’t automatically qualify as a country to which EU countries can safely export data. The UK will need an adequacy decision from the European Data Protection Board, and UK law will have to remain adequate, and not flex in an American direction,(where the government has very wide powers of data interception). So its commercial interests might be stretched in different directions, and for UK businesses, used to not thinking if it can share data with US businesses – like MailChimp, or SurveyMonkey, or Stripe – there may need to be a full review of where its data is held, and if it can continue to be held there. A lot of US companies of course are looking at this – but a lot are being sued for not doing anything significant about it.
Protecting data is crucial to the value of businesses – for their own good, for their customers and their staff. It’s not going to be good for your business if you get hacked because your protection is inadequate, and you get publicly fined.
Paul Berwin is Senior Partner and one of the foremost technology lawyers in the North of England.
Our dedicated and friendly team is here to help. If you have a matter you would like to discuss in confidence, please get in touch by calling 01423 509 000 or use our contact form online and we will get back to you as soon as possible.