Over the past few weeks, we’ve been exploring the General Data Protection Regulation (GDPR) being brought into force in the European Union (EU), its key changes and its effect on the automotive industry. The new data protection laws take effect from 25th May 2018 and all businesses that store and process customer data must comply or face penalties.
Our previous blogs include:
- An Introduction to the GDPR
- Key changes to Data Protection laws for automotive industry (part 1)
- Key changes to Data Protection laws for automotive industry (part 2)
This week, we will look at the implications of Brexit on the GDPR and whether your business will need to comply with the rules after Britain officially leaves the EU.
All this information and more can be found in our latest eBook – GDPR: The new data protection law – which you can download for free.
Does the GDPR apply to non-EU businesses?
Alongside the changes surrounding the storage and processing of customer data under the GDPR, the EU is also introducing an increased territorial scope to ensure wider protection for citizens. This extended jurisdiction applies to all businesses processing the personal data of those residing within the EU, whether or not the data controller is itself based in the EU. Even if data processing takes place outside the EU, if that data pertains to EU citizens, the data controller must comply with the GDPR rules.
An example would be if your business was offering goods or services to EU citizens, such as vehicles or financial aftercare products, or if you are monitoring the behaviour of EU citizens and maintaining data on their actions. Non-EU businesses processing the data of EU citizens will also have to appoint a representative in the EU.
What does this mean post-Brexit?
Britain is currently still a member of the EU and the GDPR will come into effect before Brexit, so the rules will apply to British businesses. Even after Britain officially leaves, if your business collects, processes or stores information on EU citizens, you must comply with the GDPR. If your activities are limited to British citizens, then the position post-Brexit is currently much less clear, and subject to the Government’s decision on maintaining equivalent or alternative legal mechanisms.
Irrespective of Brexit, you should plan and prepare for GDPR legislation to come into effect from May 2018.