PwC comments on the latest government report on what Brexit means for how the EU's data protection package will work in the UK
Following the recent release of the House of Lords EU Home Affairs Sub-Committee's Brexit: the EU data protection package report PwC made the following comments ...
Kevin Burrowes, head of clients and markets at PwC, said: "Maintaining the flow of data between the UK and the European Union is vital to ensure cross-border business continues as normal after Brexit. Having an adequacy decision in place, as this report from the House of Lords suggests, would help provide our businesses and the economy with the certainty that UK data protection law is sufficient and allow them to start working towards a common standard."
Stewart Room, PwC's global data protection legal services leader, who gave both written and oral evidence to the House of Lords committee during its inquiry, said: "A declaration of non-adequacy would be surprising given that the UK has led the way on data protection for years, we have a strong regulator in the form of the Information Commissioner's Office (ICO), and in many cases our regulations already go far beyond what other EU member states currently have. However, there are only eleven jurisdictions that currently have adequacy agreements in place. This could point to it being a potentially lengthy process, so I would urge negotiations to begin to provide the certainty that's needed.
"On leaving the EU, the UK would technically be free to abandon the GDPR (it being EU legislation), but retaining it would be in national interest - both for UK citizens and UK-based data controllers and data processors. It's likely we'll see that UK data protection policy after Brexit remain similar, to ensure we're operating on a level playing field with the rest of Europe.
"Regardless of Brexit negotiations, all organisations that handle data on EU citizens must abide by the GDPR by May 2018 and should continue their preparations accordingly. While there are many elements of our political and economic future that may appear uncertain, it’s vitally important that the controllers and processors of personal data don't fall into the trap of thinking that the new EU GDPR no longer matters.
"As the Committee has recognised in its report, it is vitally important for businesses and the economy that transitional arrangements are put in place and that the UK continues to have an influential role in Europe on data protection going forwards."