UK Secretary of State Karen Bradley recently confirmed that the United Kingdom will implement the European Union’s General Data Protection Regulation (GDPR), the regulation by which the European Commission intends to strengthen data protection for individuals within the European Union. UK companies will be expected to comply with the GDPR when it takes effect in May 2018. Secretary Bradley made the announcement last week during her appearance before the Culture, Media, and Sport Committee. We’ve previously covered data privacy compliance considerations for UK companies and their business partners after the United Kingdom decided to leave the European Union by a referendum vote in June 2016.
After this announcement, UK Information Commissioner Elizabeth Denham posted on the Information Commissioner’s Office (ICO) blog that the ICO is committed to assisting businesses and public bodies to meet the GDPR’s requirements by May 2018. Commissioner Denham pointed to some existing guidance that the ICO has prepared, including an overview of the GDPR, its 12 steps for businesses to take toward compliance, and its recent privacy notices code of practice.
Within the next 30 days, the ICO plans to issue a revised timeline outlining the guidance areas that the ICO will prioritize for the next six months. This revised timeline will be available on the ICO website, and future updates will be available through the ICO’s Twitter account and the ICO's newsletter.
Commissioner Denham did acknowledge that issues still surround how the GDPR will work after the United Kingdom leaves the European Union, but in the meantime, UK companies should be prepared to comply with the GDPR by May 2018.
Our Brexit Resource Centre will continue to provide guidance on the legal and business implications of the United Kingdom’s decision to leave the European Union. To view alerts and gain immediate access to our most recent guidance on Brexit, please visit the Morgan Lewis Brexit Resource Centre.