recent work

Data Protection in an Ex-EU United Kingdom

I was listening to a political debate about whether there should be a referendum to determine whether the UK remains in the European Union and my mind wandered to imagining how a decision to leave would affect information governance and data protection.

What would this look like? Imagine data transfers in and out of EEA zone if the EU determined that our ’98 Data Protection Act was inadequate. What strategy would our own regulator adopt in terms of harmonisation with other countries? Would we find a loosening up or a tightening of PECR, FOI, and DPA? Would UK companies be entitled to retain data relating to European citizens previously collected or would we be forced to destroy it? What impact would there be on our existing data processes, training and awareness programs, data systems. All interesting food for thought.