Editor, Solicitors Journal

GDPR and edisclosure after Brexit

12 Jul 2016News

The EU General Data Protection Regulation (GDPR) is due to come into effect from May 2018. Now that the UK has voted to leave the EU, what will become of this regulation and what effects will it have on edisclosure?

The answer to this question will be determined by how the UK separates itself from the EU.
It could remain part of the European Economic Area (EEA) Agreement, and therefore the status quo would remain and nothing with regards to the GDPR would change. Edisclosure vendors would still need to comply with the GDPR. An alternative answer could be
that the UK does not remain a member of the EEA, which would create a lot of uncertainty and raise numerous questions.

First, will the UK create its
own version of the GDPR? Once article 50 of the Lisbon Treaty
has been signed and the UK's withdrawal has been negotiated, I believe that the UK will adopt something similar to the GDPR. The regulation was already agreed and it would make sense to implement the GDPR as a basis for any UK data protection legislation.

Whether a UK version would be as complex would be down
to the lawyers of this country, but making sure that any legislation takes a serious look
at maintaining the privacy of
UK nationals' personal data in
a modern world is imperative.

If the UK decides not to adopt the GDPR and only processes UK nationals' data, then the GDPR would have no effect on UK vendors. If an EU national
has data in a case, then, as I understand it, the GDPR would come into play.

Second, would UK vendors
be able to process EU data in
the UK? This will depend on whether the UK is considered
a safe third country or whether it will have to jump through hoops to achieve some form
of agreement, similar to the EU-US Privacy Shield. Alternatively, there might
be a spike in UK edisclosure vendors opening up offices in Europe with the sole purpose of processing EU data. If this sparks a trend, then the offices within the EU will most certainly have to comply with the GDPR. A transfer without an agreement would be considered a breach and could lead to hefty financial penalties.

It makes sense that UK edisclosure vendors should be prepared to comply with the GDPR until told otherwise. The risks of not complying are too costly, and hiding behind Brexit will not be a sensible approach. There are so many EU nationals in the UK whose data should be protected under GDPR that not complying or transferring data to the UK from the EU which would contravene the regulation could land an edisclosure vendor in hot water.

James Merritt is director of forensic technology and edisclosure at CityDocs @CityDocs www.citydocs.co.uk

Legal News desk contact: editorial@solicitorsjournal.com

Latest Articles

Jury trials under threat in fraud

Plans to replace juries with specialist judges in fraud trials spark fierce debate over justice, efficiency, and rights

UK migration crackdown could pile pressure on lawyers

Sweeping visa curbs and settlement delays pose major compliance challenges, leaving lawyers to navigate risks for clients

Government clears path for new homes

The New Homes Accelerator is set to expedite the building of nearly 100,000 homes across England

Tribunal upholds manifestly unreasonable exception in environmental information dispute

First-tier Tribunal dismisses appeal against Information Commissioner, reinforcing limits on environmental information requests under EIR.

Forestscape Limited successfully challenges asset of community value designation

First-tier Tribunal allows appeal against woodland's ACV classification, emphasising evidential requirements for community value designations.

Tribunal upholds disclosure of hydrogen heating environmental information

First-tier Tribunal dismisses Secretary of State appeal on environmental information disclosure

High Court scrutinises prolonged immigration detention amid mental health concerns

Immigration detention challenged where vulnerable detainee's mental health deteriorates significantly

High Court refuses DoLS extension for young sexual offender on licence

High Court declines deprivation of liberty order for rehabilitating juvenile offender

Article 13(b) defence in international child abduction: YM v ML analysis

High Court ruling demonstrates stringent threshold for grave risk exception under Hague Convention.

High Court rules on employee share option rights after termination

High Court examines share option exercise rights following employment termination in Dixon v GlobalData

High Court clarifies creditor rights in DG Resources Ltd v HMRC winding-up dispute

High Court reinforces HMRC's creditor position whilst examining service requirements and cross-claim thresholds.

EU AI Act brings GPAI rules to life

The EU’s new AI rules make GPAI compliance an immediate reality for UK companies developing or deploying these models

A historic step: 16-17 year olds gain vote

After years of advocacy, the UK Government confirms voting rights for 16 and 17 year olds

Supreme Court ruling on fraudulent trading liability

UK Supreme Court clarifies liability of third parties in MTIC fraud and limitation rules for dissolved companies.

Forty years on, surrogacy law is still playing catch-up

Despite international growth in surrogacy, UK law remains reactive, outdated and ill-equipped for today’s challenges

SJ Interview: James Palmer CBE

James Palmer CBE, Partner of Herbert Smith Freehills Kramer, has long been recognised as one of the UK’s most influential corporate lawyers and policy voices. Awarded a CBE in 2025 for his services to business and law, he has combined a high-profile career in M&A with decades of work on legal reform. In this interview, he discusses the challenges of legislative inflation and corporate advice, access to justice, and the future role of technology.

The SQE is failing its own test

Five years on, the SQE is underperforming, and targeted reforms could close persistent gaps.