The proposed European Union General Data Protection Regulation is not mentioned at all in the UK government’s Position Paper: Confidentiality and access to documents, published today as part of the ongoing negotiations to exit the EU.
The UK government is drawing up a series of Position Papers, which outline its approach to different facets of the UK’s current membership in the EU, and the position it intends to take in regards to negotiations as and when they start.
The remaining EU27 for their part are so far refusing to negotiate on any other areas than citizens’ rights, the bill to the UK for leaving, and Northern Ireland.
The EU GDPR is a key piece of legislation that will affect any business that holds customer data – including financial services. It is billed as the most important development in data protection in the Union for two decades, and has an enforcement date of 25 May 2018. The EU’s own website on the matter specifically includes reference to the impact that Brexit may have:
“In light of a uncertain ‘Brexit’ – I represent a data controller in the UK and want to know if I should still continue with GDPR planning and preparation?
If you process data about individuals in the context of selling goods or services to citizens in other EU countries then you will need to comply with the GDPR, irrespective as to whether or not you the UK retains the GDPR post-Brexit. If your activities are limited to the UK, then the position (after the initial exit period) is much less clear. The UK Government has indicated it will implement an equivalent or alternative legal mechanisms. Our expectation is that any such legislation will largely follow the GDPR, given the support previously provided to the GDPR by the ICO and UK Government as an effective privacy standard, together with the fact that the GDPR provides a clear baseline against which UK business can seek continued access to the EU digital market. (Ref: http://www.lexology.com/library/detail.aspx?g=07a6d19f-19ae-4648-9f69-44ea289726a0)”
The Position Paper put forward (Confidentiality_and_access_to_documents_Position_Paper) makes no mention of GDPR, but instead simply notes “General Principles” in regards to documents that may be accessed by, for example, “members of the institutions of the Union, the members of committees, and the officials and other servants of the Union”, in the course of their duties.
As such, the Position Paper’s outlines principles that:
- The UK recognises the importance of continuing to respect obligations of confidentiality and to protect information exchanged while it was a Member State.
- The UK considers that arrangements agreed with respect to confidentiality and the handling of information produced while it was a Member State should be reciprocal, affording an equivalent level of protection to the UK and the EU after the UK’s withdrawal.
- These protections should be equivalent to those set out in the existing regimes.
A full list of Position Papers will be published by the Department for Exiting the European Union, responsible for leading the UK negotiations in regards to Brexit: https://www.gov.uk/government/organisations/department-for-exiting-the-european-union