BREXIT as widely predicted will inevitably throw a 'spanner in the works' where the UK stands on GDPR. And as we all know, uncertainty is the perfect excuse to 'tune out' until clarity prevails.
The issue as I see it is that the GDPR catches data controllers and processors outside the EU whose processing activities relate to the offering of goods or services (even if for free) to, or monitoring the behaviour (within the EU) of, EU data subjects.
So on this basis the fact that the UK BREXIT means that unless a business can be sure that it maintains details of no EU subjects, it should consider itself bound by the regulation?
My personal view is that taking a more relaxed view on privacy and cyber security is unlikely to engender the UK to the global economy. So on that basis following the fundamentals of GDPR would seem to be prudent even if some of the stuff around the edges might be subject to tweaking by the ICO as far as UK subjects are concerned.
Going forward it could be argued that the UK's proximity to the EU, albeit not part of it, puts us in a great position to provide supporting services to the rest of the world when it comes to preparing it for GDPR.
The General Data Protection Regulation (GDPR) comes into action next year, marking a sharp change for UK businesses. Under its auspices, businesses will face massive fines for violations like not reporting, or appropriately remediating a breach. The new measures will bring in a kind of data protection yet unseen in the UK. That may not be for long though. Earlier this year, the United Kingdom voted to leave the EU throwing the status of those regulations on UK shores into uncertainty. European law still currently applies in the UK, but may no longer by 2019, the time the government plans to make its final departure from the supranational body. A failure to come to clarity on these two points is not “good because it can delay investment in compliance systems,” Wood told Bloomberg BNA.