The flow of information in the modern day is something that individuals and companies consistently concern themselves within a world that is increasingly connected. Where Brexit impacts legislation and the way European law influences the decisions of lawmakers in England and Wales, it also impacts the freedoms and rights that were secured by Acts such as the GDPR.
Often misunderstood for its objectives and complex formation, the GDPR has become a staple of workplace behaviour, forming a pivotal piece of the way employees and employers behave with regard to their privacy.
A primary misconception of the GDPR is its purpose. Security and compliance are the primary priorities of the GDPR in the manner it implements itself within companies and their relations with their employees. Moving forward, the key in this relationship is the understanding of what "effective compliance" is and how companies have to ensure they align with the framework provide to them. The first element that has to be monitored is the formal reaction of legislators to the standing of the GDPR. To this end, what is often forgotten is the presence of a "bridge deal" which enables the GDPR to temporarily retain standing within the UK until such a point where the laws will be adjusted.
Whilst no immediate adjustments have to be made, preparing for subsequent adaptations will be vital. Though businesses or individuals are not mistaken in taking comfort during this transitory period in familiar laws, acting upon the stability and preparing for a new regime is the best advice. To this extent, Giambrone's lawyers' expertise on matters pertaining to the GDPR as well as our consistent research towards gearing our clients for the future, allows us to deliver a comprehensive tailored approach.
For companies, the key lies in understanding their formation. Whilst, companies considered as entities within an established EU state will remain untouched by the impact of Brexit, the story is very different for others. For companies established and formerly in operation from the UK providing services to individuals or businesses in the EU, the position is more complicated. Namely, companies will have to carry out a complete understanding of their business model and whether their activities necessitate policies and actions to adjust to the regulations provided to protect EU individuals. Part of such adjustments extend from data protection notifications to the appointment of EU representative. Such measures are nonetheless dependent on the extent to which a company relies on the flow of data on an international scale or intends to operate within the European Economic Area (EEA).
If the GDPR no longer applies in its entirety, the question lies as to what protections remain in the UK. To this extent, the Data Protection Act of 2018 continues to apply. In its essence, an interesting point to note is that elements of the GDPR were incorporated directly into the act, with law-makers adjusting and contorting it to fit into a context that works within the context of the law of England and Wales. In order to ensure compliance however, the Information Commissioner's Office ( ICO) remains the focal point as a supervisory authority even beyond the bridge period.
At Giambrone our lawyers continually update our clients and individuals making them aware of their rights and obligations under the law extending to data protection. Part of our understanding with clients is that we provide tailored advice to their business model enabling them keep ahead of their competition to ensuring that they are best prepared when moving into an increasingly uncertain and technological marketplace.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
