What does the election result mean for data protection?
The unexpected result of the general election has raised many interesting political questions. As I write this, it looks like the Conservatives will remain in power as a minority administration, with support (in one form or another) from the Democratic Unionist Party. The election will have undoubtedly weakened the government and the fragile electoral maths, combined with a resurgent opposition, means that it will be difficult for the Conservatives to get their programme through Parliament. With the Article 50 clock already ticking, politics is likely to continue to be dominated by the Brexit negotiations.
How does all this affect data protection? As readers will surely know by now, data protection law will be changing from 25 May 2018, when the new General Data Protection Regulation comes fully into force. But that's merely one part of the package of data protection reforms due to be implemented in May next year. There is also the Directive on processing personal data by competent authorities for crime prevention and detection purposes, which will require UK legislation to implement. And then there are all those derogations in the GDPR, which allow the UK to change the rules in various areas. This will also require new UK legislation. Finally, there's the ePrivacy Regulation, which is still making its way through the European legislative process.
So as we approach May 2018 and organisations continue to prepare for the GDPR, there's a lot of work for our new parliamentarians to do. Perhaps one (unexpected) upside to the uncertain election result is that it will limit the legislative ambitions of the new government, freeing up valuable Parliamentary time to deal with more esoteric matters, such as a new data protection act? Alternatively, of course, we may all be heading to the polls again in the autumn.
In the longer term, it is unclear how this election result will impact on the Brexit negotiations. Prior to the election, the government had indicated that the GDPR would be incorporated into UK law at the point the UK leaves the EU via a 'Great Repeal Act'. There is no reason to expect any significant change in this area and so, whilst there remains considerable uncertainty, this should not stop organisations continuing with their GDPR preparations.