The EU Parliament has recently voted for the biggest change to data protection laws in twenty years.
The change increases fines for companies that do not comply, up to 4% of their global turnover or £15.8m, whichever is greater, and requires them to show how they are complying with the legislation. To that end, all large companies will be required to employ a data protection officer, and any data breaches must be reported within 72 hours, despite agreement that this stipulation is difficult to meet.
This legislation will apply to any company that handles EU members’ data, whether they are based in the EU or not.
Of course, a major concern is how the EU Referendum will affect such a data law shake-up. Although the UK Data Protection Act, which we could continue to follow whether we leave the EU or not, is based on an EU Directive, it is local law, and as such there should not be any particular change in the short term.
Most experts agree that UK data protection laws require updating regardless of the outcome of the referendum.
Trade in data, such as personal data, will still need to occur if the UK does leave Europe, and this is where the issues may arise. The country would have to be recognised by the EU as providing levels of protection equivalent to those of EU member states. But hardening political stances in the case of an exit may make this recognition more difficult to obtain, which means the UK may adopt practices similar to those of the rest of the EU even from outside it, all in an effort to continue data trading.