Uncertainty is ever present when dealing with Data Protection and since the Brexit referendum there is undoubtedly an increased level of uncertainty. Many questions are circling relating to how will this Brexit decision impact data processors and data controllers across key sectors of the UK and Irish economy.
For example, will paper shredding Dublin and the related legislations be the same as that in London, or will secure document shredding Galway be subject to separate legislation as that in Manchester. Similar issues arise when multinational Companies that for example, receive confidential shredding Limerick at their Limerick location and also receive confidential shredding Belfast in their Belfast location, will there be discrepancies in the requirements for each location to be compliant with Data Protection Legislation?
EU & The Single Market
Harmonisation of laws throughout Europe has been one of the main aspects of the EU. The current regulations for protecting personal data within both Ireland and The UK which include secure document shredding derive from EU Law. The Data Protection Commissioner in Ireland and the Information Commissioner in the UK released a statement saying that the on-going 1998 Act will remain law post Brexit.
General Data Protection Regulation (Divergence of the Law?)
In May 2018 the General Data Protection Regulation will come into effect. Unlike its predecessor the Data Protection Directive, the GDPR will be a cross region regulation that will apply directly to all EU member states.
With The UK no longer being a member of The EU the GDPR will not apply to it. With this in mind there are many questions relating to the future path for UK data protection rules. In areas such as data transfers, subject access requests and data erasure whether it be paper shredding or Hard-Drive destruction.
If the UK wishes to remain a central location for IT & Finance then it will seem that they will have to comply with The GDPR, additionally if they wish to join the European Economic Area it will need to adopt the GDPR.
What does it mean?
In plan terms, it is likely to remain business as usual for the next 12 – 19 months and the exit period is expected to take up to 2 years which ends a couple of months after the GDPR is implemented.
In many views, the Brexit outcome is beneficial to Ireland relating to Data Protection. The Republic will be the only English speaking nation with the benefits of being part of the EU free movements of services, people, goods workers and personal data.
This means that businesses can structure their operations so as to only be subject to one single data protection authority such as The DPC.
The content of is for information purposes only and does not constitute legal or other advice.
For more information please contact the Security in Shredding team.