So, finally a panacea for the confusion over how the UK's upcoming 'divorcee' status affects its legal stance on Data Protection and the GDPR.
As if the ICO hadn't reiterated enough that the GDPR will still need to be followed in the UK, this announcement should reassure some who had pressed on with compliance projects to meet the deadline in May 2018, but may also strike fear into the hearts of those who've ignored it.
So what changes? Perhaps not much.
The GDPR has already been clarified by most of the regulatory bodies in the UK and is to be enshrined in law automatically if the 'Great Repeal Act' is successful. To add to that, the Queen's Speech announced a new Data Protection Bill (which was bound to include clauses similar to those of the GDPR).
However, here begins the speculation: the GDPR is a pretty ambiguous set of regulations, so how might the UK add to this?
Britain had always been one of the strongest proponents of the GDPR, advocating a 24-hour limit on reporting data breaches (as opposed to the 72 hours finally agreed upon). Also, the Data Protection Act 1998, while severely lacking and outdated, is anything but ambiguous. We can probably expect much clearer guidance on how companies can stay on the right side of the law.
So buckle up, because it will be a bumpy ride. My suggestion is that IT professionals start as soon as possible to ensure that they are ready, and that they watch the progress of the Bill to know what to expect when it passes into law. It is almost guaranteed to be tougher and tighter than the GDPR.
To that end, the Data Protection Bill will replace the Data Protection Act 1998, and will incorporate the GDPR into national UK law, meaning that even post-Brexit, businesses will need to comply with the same EU rules for UK citizens. The GDPR goes into effect on May 25 of next year, and will give EU regulators the power to levy punitive damages as high as €20m (or 4% of global turnover, whichever is greater) on organizations anywhere in the world that fail to adhere to a series of requirements when it comes to securing the data of EU citizens.