UK companies will be affected by an incoming piece of EU data protection legislation regardless of which way Thursday's vote goes, an international law firm has said today.
Speaking ahead of a conference at the Institute of Directors headlined by specialist insurer Beazley, Hans Allnutt, head of the cyber risk and breach response team at DAC Beachcroft, pointed out that UK businesses were unlikely to fully escape the grasp of the EU General Data Protection Regulation (GDPR).
In particular, Allnutt noted that UK firms would still be subject to the regulations, as well as the fines for breaching them, if they chose to do business with companies in the EU.
Meanwhile, Allnutt pointed out that the UK's Information Commissioner's Office has previously campaigned for higher standards of protection and greater sanctions for a breach, so equivalent laws could be introduced for the country in the event of a Brexit.
Allnutt added that the UK may find itself having to implement a similar domestic law if it wished to remain competitive, remarking: "There will continue to be a restriction on EU companies transferring personal data to non-EU countries unless they can be sure that EU data protection standards will be upheld."
Paul Bantick, Beazley’s European head of technology, media and business services, added: "Data breach insurance really took off in the US after it became clear that it was not just about financial compensation for loss, but more about mustering the right multi-faceted response to a data breach that will satisfy regulators and reassure customers. We expect to see much the same growth in demand in the UK, Brexit or no Brexit."
The GDPR is due to come into force in early 2018. After that, firms that fail to comply with the new regulations will be subject to fines of up to €20m (£15.4m) or four per cent of turnover, whichever is greater.