×

UK firms won’t be exempt from new EU data sharing rules - here’s why

  • Legal expert says Brexit won't change how consumer data is handled between the U.K. and the European Union
  • The new EU law, which forces companies to disclose illegal breaches of data sharing, will take effect as of May next year
  • Pulling out of the EU data protection law after it leaves the union would not be in the "national interest," the legal expert said
Justin Tallis | AFP | Getty Images

U.K. businesses will still be forced to comply with rules that punish inappropriate sharing of consumer data, regardless of whether they leave the European Union or not.

A legal expert told CNBC that a new EU law that forces companies to disclose breaches of illegal data sharing and to appoint data protection officers will take effect in the U.K. as of May next year. The time frame for Brexit, which is not expected to be completed until at least 2019, would mean U.K. firms would still have to comply.

"Brexit won't change how consumer data is handled in the U.K. - there won't be any reduction of rights or protection," Stewart Room, a legal expert on data protection at professional services firm PwC, told CNBC via email on Thursday.

Why are the rules needed?

Currently there are no stringent measures in place to punish a company that seriously mishandles a European consumer's data. The EU hopes that new protections will grant consumers more control over what happens to their data.

Room's comments come after a report issued by the U.K.'s upper chamber of parliament, the House of Lords, warned that a lack of accommodation for the EU's new General Data Protection Regulation (GDPR) could put the country at a "competitive disadvantage".

A trader pauses while monitoring financial data on computer screens at ETX Capital, a broker of contracts-for-difference, in London, U.K. on Friday, Oct. 7, 2016.
Chris Ratcliffe | Bloomberg | Getty Images
A trader pauses while monitoring financial data on computer screens at ETX Capital, a broker of contracts-for-difference, in London, U.K. on Friday, Oct. 7, 2016.

"Data protection law has never before been so specific and directly prescriptive about what is expected of data controllers and processors. Organizations will be required to be much more transparent with consumers about what they're doing with their data, even before they collect it and if something goes wrong," PwC's legal expert said,describing the new data protection law.

Room gave both written and oral evidence to the House of Lords committee during its inquiry into how Brexit would affect data sharing between the U.K. and the EU.

What does this mean for consumers?

New rules will give consumers the right to data portability (the ability to move their data between organizations in a secure way) and the right to be forgotten (the ability to request the deletion of any of their data kept by an organization).

Inside a data center.
Xinhua | Jin Liangkuai | Getty Images
Inside a data center.

"Maintaining the flow of data between the U.K. and the European Union is vital to ensure cross-border business continues as normal after Brexit," Kevin Burrowes, head of clients and markets at PwC, said in a statement on Tuesday.

The House of Lords committee said it was "concerned by the lack of detail on how the government plans to maintain unhindered data flows post-Brexit" and "the risk that EU and U.K. data protection rules could diverge over time when the U.K. has left the EU."

Should the UK withdraw from the regulation?

It is possible that Britain could pull out from the EU data protection law after it leaves the union, but Room said that this would not be in the"national interest," both for U.K. citizens and businesses.

He added: "It's likely we'll see that U.K. data protection policy after Brexit remain similar, to ensure we're operating on a level playing field with the rest of Europe."