A reform of the Data Protection Act 1998 is on the table following the UK’s vote to leave the EU.
Experts from international law firm Simmons and Simmons and Henley Business School agree that a reform of the Act is to be expected, but stopped short of predicting it would be scrapped altogether.
There was stiff opposition to many measures contained in the EU General Data Protection Regulation (GDPR) during the negotiations with the UK government and it is unlikely the Act will remain in place without tweaks being made, according to partner at Simmons and Simmons, Alexander Brown.
However, he says it will be difficult to avoid the implications of the GDPR for many financial services clients that conduct business across the EU and therefore will need to comply with it.
“The really interesting question – as yet to be decided – is whether the European Commission will recognise the UK as an ‘adequate country’ for the purposes of cross-border personal data transfers or whether the UK could suffer the same fate as the US where transfers of data have been made more problematic through the scrapping of the US Safe Harbor,” adds Brown.
According to the experts, the most likely outcome is that the EU will make a determination in favour of the UK as an ‘adequate country’ given its been at the forefront of providing legal protection for consumers with respect to personal data for over three decades. The UK was one of the first countries in the world to empower its Data Protection Authority to impose fines for personal data breaches.