Complications of GDPR adoption in UK post-Brexit 'brings level of uncertainty we could do without'


Harry Leech

(Stock photo)
(Stock photo)

There are likely to be complications in the adoption of the General Data Protection Regulation (GDPR) in the UK, according to Jonathan Armstrong, an expert speaker at Data Sec 2017.

Although the UK will adopt the GDPR in May 2018 along with the rest of the EU, and has committed to the process post-Brexit, Mr Armstrong said there will be "some interesting situations" after Brexit, particularly in relation to Ireland-UK data transfers.

"There are some people in the European Parliament who are likely to challenge that due to the Investigatory Powers Act (2016) in the UK, which gives the British security services wider powers than some European Parliamentarians are comfortable with," said Armstrong.

Considered one of the authorities on compliance and technology across Europe, Armstrong is co-author of one of the definitive works on technology law, Managing Risk: Technology & Communications.

The act has been nicknamed 'The Snoopers Charter' in the UK and extends the powers of the UK intelligence community to monitor communications.

Although the UK will still be considered an important ally to the EU post-Brexit, according to Armstrong, there are precedents in the way the EU has addressed data protection concerns relating to another government with whom it has good relations. 

"There could be a challenge in the same way that the European Court of Justice (ECJ) ruled that the agreement on data-sharing between the EU and US was invalid because of the way the US government handles data," he said.

"That would be a real concern, given the data flows between Ireland and the UK and the fact that there are numerous examples where there are Dublin Data centres providing back office functions for UK companies, and vice-versa."

Complications in the transfer of data between Ireland and the UK could pose serious problems for Irish firms with UK.

"The short term change will not be huge in the Ireland-UK context, but the longer term ramifications could be significant, and it brings in a level of uncertainty that we could really do without,"  Armstrong said. 

The DataSec 2017 conference takes place on 3rd of May in the RDS in Dublin.

The event will provide expert speakers, information and insight to help your business comply with GDPR and get the most out of the new legislation.  Click here to book your place now.