Many have wondered whether the United Kingdom (“UK”) would still implement the EU General Data Protection Regulation (“GDPR”) in light of the recent passage of the UK referendum to secede from the EU. In recent news, Karen Bradley, the Secretary of State in the UK and Elizabeth Denham, the UK Information Commissioner of the Information Commissioner’s Office (“ICO”), have finally put an end to the speculation by confirming that the UK will be implementing the GDPR.
In an appearance before the Culture, Media and Sports Select Committee, Bradley stated that the UK will “opt into the GDPR and then look later at how we might be able to help British business with data protection while maintaining high levels of protection for members of the public.”
This announcement was applauded by Denham in a blog post published on October 31, 2016, as “good news for the UK.” Denham went on further to affirm that the ICO is committed to helping businesses and public entities prepare to meet the requirements of the GDPR, and urged people not to become distracted with the UK referendum in achieving GDPR compliance by May 2018. In the meantime, Denham directs entities to take a look at an overview of and existing guidance on the GDPR and the privacy notices code of practice to assist with GDPR preparation.
As for future plans, within the next month the ICO plans to publish a timeline on areas of guidance they will be prioritizing for the next six months. Watch this blog for updates as we will be covering the future publications of ICO to explain how each guidance affects organizations and how it can be implemented.