Data protection in the UK post-Brexit: the only certainty is uncertainty

The EU General Data Protection Regulation was published in the Official Journal of the European Union on May 4 2016 and it will be binding on all member states including the UK, from 25 May 2018. This paper critically examines the implications of Britain?s exit from the EU on data protection law in the UK with a particular focus on the various trade models available to the UK such as the EEA model, the Swiss model, the free trade agreement as adopted by Canada, as well as the WTO model. Irrespective of the model chosen for exiting the European Union, the UK will adopt standards almost identical to the GDPR in order to remain a competitive actor in the global economy. Nevertheless, the paper contends that this does not necessarily suffice to secure an adequacy decision from the EU Commission. As clarified in the European Commission?s January 2018 Notice, if the UK and the EU cannot reach an agreement on data transfers bureaucratically burdensome requirements could apply to UK businesses. This adds to the prevailing uncertainty around Brexit.