HomeInsightsBaroness Neville-Rolfe, Minister for Data Protection, says that, despite Brexit, the underlying reality on which policy is based has “not changed that much”.


+44 (0)20 7612 9612

Speaking at the Privacy Laws & Business annual conference on data protection, Baroness Neville-Rolfe said that although she could not be as definite about the detailed UK line on many things post the EU referendum, the problems in the area of data protection and privacy are still important and need answering.

One problem, Baroness Neville-Rolfe said, is that we do not know how closely the UK will be involved with the EU system in future.  On the one hand, if the UK remains within the single market, EU rules on data might continue to apply fully in the UK, she said.  On other scenarios, we will need to replace all EU rules with national ones.  Currently, it seems unlikely we will know the answer to these questions before the withdrawal negotiations get under way.

Baroness Neville-Rolfe said that one thing that can be said with reasonable confidence, however, is that if any country wishes to share data with EU Member States, or for it to handle EU citizens’ data, they will need to be assessed as providing an adequate level of data protection.  “This will be a major consideration in the UK’s negotiations going forward”, she said.

In the meantime, Baroness Neville-Rolfe reminded people that the Data Protection Act 1998 continues to be the UK’s data protection legal framework and “it is important that organisations continue to comply with it”.  The Government is also “ensuring it works better” with the new Digital Economy Bill.

Baroness Neville-Rolfe also talked about “the relatively easy subject of cyber security”, which is “a major priority for this Government”.

In November 2015, she said, the Chancellor announced a £1.9 billion investment in cyber security over the next five years, including the establishment of a National Cyber Security Centre.  The Centre will establish a single point of contact for industry to get advice and support on cyber security.

Businesses in all sectors should “take action to protect themselves”.  Most successful cyber attacks exploit basic vulnerabilities, so “this is a risk that can be easily managed by most firms”.  According to Baroness Neville-Rolfe, good cyber security requires “continual focus, leadership and commitment, not only to prevent breaches but also to detect and respond to incidents rapidly”.

The Government has put in place a range of guidance and interventions to help businesses protect themselves online.  The “Cyber Essentials” scheme has been developed to give industry a clear baseline to aim for in addressing cyber security risks to their company.

As for the Internet of Things, many connected devices are already on the market, Baroness Neville-Rolfe said, and in time nearly all products and services will have a digital element.  This is “a huge opportunity for Britain at home and overseas with its strength in digital, its creative, innovative people and strong universities to keep up the flow of new ideas and IP”.

In conclusion, Baroness Neville-Rolfe said that the essentials are: first, that the explosive growth in digital developments of all kinds will continue apace; and second, that the need to protect citizens’ interests and data will remain a priority.  How we achieve the latter objective, however, has “got a little more difficult” and “the sooner we think hard about how best to adapt to recent developments the better”.  To read the speech in full, click here.