Cookies on Pinsent Masons website

This website uses cookies to allow us to see how the site is used. The cookies cannot identify you. If you continue to use this site we will assume that you are happy with this

If you want to use the sites without cookies or would like to know more, you can do that here.

Survey reveals UK business' misunderstanding on GDPR and Brexit

Many UK businesses mistakenly think that new EU data protection laws will not apply to them as a consequence of the UK moving towards Brexit, according to a new survey31 Mar 2017

According to research by information management company Crown Records Management, 24% of UK businesses have stopped all preparations for achieving compliance with the new General Data Protection Regulation (GDPR).

The survey, of 408 IT decision makers at UK companies that employ between 100 and 1,000 employees, also found that 44% of UK businesses do not believe the GDPR will apply to UK companies once the UK formally exits the EU.

The GDPR will apply from 25 May 2018, which is prior to the date that the UK is due to formally exit from the EU.

The UK government delivered formal notification to the EU of the UK's intention to leave the EU under article 50 of the Treaty on European Union earlier this week, beginning a two-year process of withdrawal from the trading bloc, subject to an extension which must be agreed by all member states.

The UK government has previously confirmed it will adopt the GDPR despite moving forward with plans for Brexit.

Even if the UK decides post-Brexit to change data protection laws relating to the processing of UK citizens' personal data, UK businesses would continue to be subject to the GDPR where when processing the personal data of EU citizens.

The Institute of Directors recently highlighted the GDPR as legislation that businesses in the UK need to prepare for in a report in which it warned that a "worrying number" of UK businesses lack a plan for dealing with cyber attacks. The GDPR will require organisations to disclose major data breaches, including those stemming from cyber attacks, to data protection authorities and affected customers.

The UK's Information Commissioner's Office (ICO) has already issued some general guidance on the new Regulation and is currently consulting on draft guidance on consent under the GDPR.

“We’ve not heard that people have stopped preparing [for the GDPR]," an ICO spokesperson told Out-Law.com. "However, we do recognise there’s a long way to go for organisations to be ready for GDPR. We are committed to helping organisations prepare and have a dedicated data protection reform website, which contains lots of advice and will be updated regularly."