News & Blog

Brexit Makes No Real Difference to Data Protection Laws Says ICO

By Francis West on 29th June 2016

The Information Commissioner's Office (ICO) has stated that despite the Brexit vote there will be no relaxation in data protection laws and that the data protection laws set by the EU will still apply.

The ICO has however stated that leaving the EU before any new data protection laws come into effect could mean that these laws may not apply in the UK.


Data protection law can be a complicated area and the complications surrounding Brexit and the confusion and lack of knowledge about exactly what kind of relationship the UK will now have with the rest of Europe has led to speculation about the relevance to the UK of EU data protection laws.

The ICO has therefore sought to clarify the situation this week by confirming that in order for the UK to trade with other countries in the EU, the UK’s own data protection laws / standards will at least have to be on a par with those in the EU i.e. at least on a par with GDPR. In legal language this means that the UK will need to provide ‘adequacy’ for its own data protection laws.

What Is GDPR?

The General Data Protection Regulation (GDPR) is new EU data protection law that is due to come into force in 2018 and will affect all companies worldwide that process the data of EU citizens.

This means that GDPR would need to be adhered to by the UK anyway, regardless of its position in the EU as the point about GDPR is that a company’s location is irrelevant. If the data a company collects and handles relates to any EU citizen and it can identify them then GDPR applies.

ICO Group Manager Said Basically ‘No Change’

Prior to the Bexit vote the ICO's group manager Garreth Cameron is reported to have told delegates at the Data Security in the Cloud conference that the UK's strong data protection laws would remain unaffected by a vote to leave the EU although that the exact details of how they work in that new context would be a matter for the UK government to decide.

Consistency and Reform

The ICO has also stated that consistency in data protection laws for international trade is going to remain an important issue and that the huge growth in the digital economy has meant that there may need to be at least some reform to the UK’s existing data laws.

What Does This Mean For Your Business?

It’s a case of keep calm and carry on where data protection laws are concerned. The same data protection laws and regulations apply for the time being and it is also important that businesses make sure that they are prepared for and up to speed with GDPR because even though it is an EU regulation, it applies to all countries worldwide including the UK.