How Does Brexit Affect General Data Protection Regulation
- 11 Mar 2020
As a starting point, let’s take a look at the current law, which remains in force until the end of the transition period on 31st December 2020, by which time the UK will need to have completed its negotiations on its future relationship with the EU.
In order to be GDPR compliant, companies currently have to adhere to the following:
Obtaining Your Consent
Companies are required to gain your consent before gathering any of your personal data. The terms of this consent must be clear, and you must have given your consent freely and have the option to withdraw your consent at any time.
Breach Notification
Should a company that has collected your data experience a security breach of any kind, they have 72 hours to report this breach to you, their customer. Failure to report this breach will lead to fines for the company. Should you be subjected to a breach in data security, you can seek data protection breach compensation.
Complete Data Access
You are within your rights to request your existing data profile at any time, and the company in question is required to supply you with a fully detailed and free electronic copy of the data they have collected about you. This report is also required to detail the various ways that your data is being used by the company in question.
Right to Data Deletion
Once the company in question has used your data to fulfil the original purpose (for example, to complete a transaction for goods or services received), you have the right to request that all your data be deleted.
Data Portability
You have the right to request your data and reuse it in different environments outside of the company that originally collected your data.
Privacy by Design
Companies are required to design their systems with adequate security in place, in order to protect your data, before collecting data from you. Failure to comply with this can lead to fines for the company.
Potential Data Protection Officers
Larger companies are required to appoint a data protection officer who is responsible for ensuring complete compliance and safety of the data collected by that company.
Brexit and GDPR
At the end of the transition period, during which the UK is still negotiating its relationship with the EU, EU GDPR will no longer apply directly to the UK. However, because the DPA of 2018 enacts the EU GDPR requirements in UK law, UK organisations must still comply with its requirements following the end of the transition period. The UK Government has already issued a statutory instrument which replaces the current DPA 2018 and unites it with the EU GDPR. This new regime will be known as the UK GDPR.