In April, EU lawmakers finalised the new General Data Protection Regulation (GDPR), governing the storage, sharing and processing of data held by businesses. Now, in the wake of the EU referendum, many UK businesses are confused over GDPR and the question of whether it is still applicable to their operations. Recognising this, the Information Commissioner’s Office (ICO) recently blogged on this topic. In short, while the ICO advises that some specifics around GDPR may change, the legislation will still be relevant to UK businesses – a fact that Trustmarque’s partner Tim Hyman (owner of 2twnety4 consulting) has already discussed

Firstly, the GDPR comes into effect on the 25th May 2018; given the length of time a full exit from the EU will take to negotiate, it’s possible that the UK will still be in the Union on this date. As a result, meeting the requirements of GDPR will still be needed, with the risk of costly fines for non-compliance. Secondly, for any organisation with international operations based in the EU, the GDPR will still apply. Businesses will need to comply so that they can continue to operate in other regions, and ensure consistency around data protection laws and rights across borders.

What does #Brexit mean for #GDPR? Click To Tweet

In addition, even for those UK businesses that do not actually hold or store any data in the EU, if they offer services to EU citizens, then they will still need to adopt the GDPR principles. These businesses will need to demonstrate compliance with several features of the GDPR – such as breach notification within 72 hours and facilitating data portability – or trade with Europe is off the table. Given that 78% of the UK’s economy is service-based, and at the core of that is data and its free movement across borders, compliance with GDPR is therefore going to remain a top priority for UK businesses. 

In today’s digital economy, consumer trust and confidence in the security of their data is essential. Even before the EU referendum, many businesses were struggling with the implications of the GDPR. With Brexit now a reality, the situation has become more complex. But the advice for all remains the same – with less than two years before it comes into force, businesses need to prepare for GDPR now.

To find out more about how to become ready for GDPR legislation please visit