The UK Government has confirmed that the GDPR will apply in the UK from May 2018.
The Secretary of State for Culture, Media and Sport Karen Bradley MP has said:
“We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public.”
Although it was expected that the GDPR would apply for some time pending a Brexit, the announcement should provide some comfort (at least in the short term) for data controllers and data processors in the UK, who can push on with their preparation for GDPR implementation. It remains to be seen what any UK data protection legislation will look like post-Brexit, although it is likely it will need to be equivalent to the GDPR for the reasons outlined here.
The Information Commissioner’s Office (ICO) has said it will publish guidance on the new rules and will, within the next month, set out a timetable for the areas of priority over the next six months – businesses may therefore wish to monitor the ICO website and twitter page for updates. The ICO has already published an updated privacy notices code of practice which includes GDPR detail.