As GDPR turns three, the UK faces challenges around data regulation


The EU’s General Data Protection Regulation (GDPR) is celebrating its third anniversary after it was implemented in May 2018, raising the expectations in terms of data privacy and cybersecurity.

The GDPR is Europe’s data privacy and security law and is described as the toughest data regulation in the world. It imposes regulations on any organization in and out of the EU wanting to offer goods or services to EU citizens and hence collects their data in order to protect its users.

These strict new laws governing how personal data was stored and transmitted forced businesses and organizations worldwide to ensure that their systems were compliant. However, over the past year, there have been some high-profile breaches and failures to comply from companies such as Google, Twitter, and British Airways.

The European Union authorities are very strict about compliance, however, there is a significant lack of clarity around the impact of Brexit on UK-based organizations and compliance with GDPR.

Indeed, as a result of Brexit, many businesses do not really know where to stand regarding data regulations, although businesses in the UK are still bound by the GDPR regulations. The UK is now considered a ‘third country’, so it still has to prove it has strong data protection laws.

The free flow of data remains vital to businesses on both sides of the English Channel. The UK’s Data Protection Act 2018 created a new framework known as UK GDPR, which became UK law in January 2021. It will then be used to determine the UK’s adequacy status.