6 minute update on the latest developments in cyber law

6 minute update on the latest developments in cyber law

Among the many challenges facing legal advisors, compliance officers and, indeed, boards of directors in the coming months and years, will be the requirement to review and, in most cases, substantially overhaul, their data protection and management practices.

Dean Armstrong QC
 gives us an overview of the latest developments in cyber law in the light of the latest political developments in the UK.


In May 2018, the General Data Protection Regulation (GDPR) comes into direct effect in the United Kingdom.

What is it?

This Regulation is the first attempt at unifying regulation of personal data attempted by the European Union. It is an acknowledgement of what is becoming a reality of life, the protection and care of an individual’s personal data is sacrosanct.

It’s a European Directive. What happens post Brexit?

Notwithstanding, it is almost certain that the UK will still be subject to EU law in May 2018, post-Brexit, in order to exchange data with EU corporates and EU subjects, the UK will have to adopt data protection regulation that is either as rigorous as the GDPR or more so.

There are currently three broad paths open to the UK post-Brexit:

  1. Joining the European Economic Area ('EEA'). This is the route adopted by Norway. Membership of the EEA will require the UK to implement rules and procedures that are equivalent to those of the European Union.
  2. UK signs bilateral trade deals with the EU. This is likely to result in the UK having to agree to a duty to apply laws that are at least as demanding as European Union legislation. This is the option that has been adopted by Switzerland.
  3. The other possibility is that the UK signs an, or a series of, independent trade deal/deals without taking on the burden of accepting equivalent EU obligations.

The government’s recent announcements make it likely that the third option may be followed, but significantly it has been indicated that the initial stance will be that all EU regulations will be adopted until repealed.

Under the first two options, it is clear that the UK would need to adopt data protection regulation that is at least as strict as the GDPR. Under the third option, the UK would still need to adopt 'adequate' protections in order for the EU to allow its members to pass information to the UK. In other words, the UK would still need to regulate to at least the standard of the GDPR.

To what does it apply?

The Regulation applies to t

Related Articles:
Latest Articles:

Access this article and thousands of others like it free by subscribing to our blog.

Read full article

Already a subscriber? Login

About the author: