Well, just to extinguish any doubt, the new Information Commissioner Elizabeth Denham has been speaking to data protection executives today to once again, in her own words, "bang the drum" for an improved, modern method of handling customer data. Fronting the question head on, she reiterated that the ultimate decision regarding EU laws when Britain goes its own way will rely on the Government. However, her department will carry on pressing home the need for customer data to be treated with the utmost respect, having been gathered through informed consent and then treated according to the very letter of the new law.
Her words build on an earlier speech in which she outlines some very common sense points. Brexit may begin next spring, which will mean there will be no formal separation until spring 2019, at which time GDPR's fines will have been on the statute book for a full year. Given that any organisation in the UK will still likely hold EU citizens' data and want to do business with EU citizens, then it almost goes without saying that GDPR is here to stay because many customers will be protected by it, even if the UK is not a part of the EU or a wider customs union.
There was also a little more detail given today on how the ICO will move forward. A report is expected in February to offer advice to data officers within organisations showing how their role is changing and how they now need to make it clear to consumers what data is being held and who the contact is within any company who can be approached by consumers wanting to keep tabs on this and possibly request alterations.
In other words, you've got to make it clear how consumers can see what you hold on them and how they can make changes to this. There are also plans afoot to launch a team within the ICO to work with the Government on implementing the new rules.
For those who are already well on the way to developing a GDPR strategy, today's speech will simply serve as a confirmatory nod they are moving in the right direction. For those who have yet to consider what impact fully informed and free opt-in means for their email marketing lists, it's time to have a rethink.
GDPR is already law, and its fines will kick in within 18 months -- a full year before there is any chance of the rules being repealed. Even if this were considered, any alterations would have to get past the ICO, which has shown itself to be very much in favour of the tougher law and tighter sanctions.
So to put it very bluntly, there really is virtually a zero chance that not implementing GDPR will ever work out.