The EU’s General Data Protection Regulation will take effect in May 2018. Some people seem to assume that the UK’s pending departure from the EU, known as Brexit, will mean that the UK need not comply with the terms of the GDPR.
This is nonsense at two levels. One is that the fastest exit from the EU (assuming that we exit at all) cannot happen before May 2018. The UK will still be a member of the EU by the effective date of the GDPR.
The other is that whether we are in or out of the EU, it will be necessary for the UK to comply with the terms of the GDPR, at least to the extent necessary for us to be seen as offering an adequate level of data protection. If the UK does not reach this standard, than it will lose its position as a conduit for transatlantic data-flows, probably to the benefit of Ireland.
An article on the ICO blog called How the ICO will be supporting the implementation of the GDPR by Elizabeth Denham, the Information Commissioner, says that the government has confirmed that the UK will implement the GDPR.
The article has links to relevant ICO resources which are worth following up.
