Charities in the UK will have to adhere to data protection standards that are the “equivalent” of new European Union rules, despite last week’s referendum result, according to the ICO and Direct Marketing Association.
In a statement on Friday, the Information Commissioner’s Office said that UK data protection standards will still be “the equivalent of the EU’s General Data Protection Regulation framework starting in 2018”.
It also said that, if the UK wished to “trade with the single market on equal terms”, it would have to provide ‘adequacy’ on the issue of data protection.
"If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK," the ICO statement said. "But if the UK wants to trade with the single market on equal terms we would have to prove 'adequacy' - in other words UK data protection standards would have to be equivalent to the EU's General Data Protection Regulation framework starting in 2018.”
Speaking at the launch of the ICO’s 2015/16 annual report today, outgoing commissioner Christopher Graham, said: “Over the coming weeks we will be discussing with government the implications of the referendum result and its impact on data protection reform in the UK.
“With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations and to consumers and citizens. The ICO’s role has always involved working closely with regulators in other countries, and that will continue to be the case.
“Having clear laws with safeguards in place is more important than ever given the growing digital economy, and we will be speaking to government to present our view that reform of the UK law remains necessary.”
A spokesman for the Direct Marketing Association said that “the (Brexit) vote doesn’t make a difference at the moment. Even if Article 50 was invoked today, the GPDR would come into force before the UK officially left the European Union. Also, any organisation that still wished to conduct marketing or fundraising in Europe would still be required by law to be GDPR compliant”.
He also said that the DMA anticipates that the UK “wants to continue trading with the EU, so our data protection law will need to be broadly equivalent to existing legislation and strike the right balance between the right to privacy and economic growth”.
The DMA will continue to work closely with both the government and the EU by “discussing the issues that matter to our members”. The spokesman said that it will continue to have a voice in the Federation of European Direct and Interacting Marketing.
The GDPR is scheduled to come into effect from 2018 and will require all organisations to recieve unambiguous consent from people before using their personal data for marketing and/or fundraising purposes.