A recent paper by the UK government sensibly sets out proposals to ensure that the UK is deemed to have an adequate data protection framework, thus allowing the continued flow of personal data between the EU and the UK, post-Brexit.

Given the volume of personal data being maintained by organisations of all shapes and sizes, this seems a very prudent concept. Also, politics aside, there really should not be too much of an issue with this as the UK will have implemented the General Data Protection Regulation (GDPR) prior to Brexit, and thus should have perfect harmony with the EU in respect of data protection. Although any subsequent changes to the UK regime may cast that in a different light, and of course politics can never be dismissed from interfering.

This proposal reinforces the need for UK companies to get ready for GDPR, as there is no intention from any side for this to go away as Brexit enfolds. Therefore getting your house in order now must be a priority - this does not just involve a legal analysis but also fully appreciating how data is used and where it resides so that is can be appropriately managed. This is not a task that should be taken lightly given the portability and transient nature of data and how critical it is to most organisations. UK companies need to act now as Brexit is not going to save them from this regulation!