Information Commissioner’s Office (ICO), the British national data protection authority, has warned that the UK will have to subscribe to provisions of the upcoming General Data Protection Regulation (GDPR) if it wants to continue trading with the EU.

The guidance was issued following the referendum on Thursday, in which 51.9 percent of the voters said they want the country to leave the European Union.

From 2018, GDPR will automatically supersede various national laws across 27 remaining European states. The new rules are hailed as the biggest change to digital privacy landscape in Europe for 20 years.

“If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK,” an ICO spokesperson explained in a statement.

“But if the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ - in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.”

By the rules

– Thinkstock / Vitalii Tkachuk

GDPR gives more power to the users of online services, proposes stronger safeguards for EU citizens’ data that gets transferred abroad, and considerably increases the fines that can be imposed on companies that break the rules. It states that businesses could be fined up to 4 percent of their worldwide annual turnover for non-compliance.

The regulation requires businesses to report security breaches that affect customer data within 72 hours of discovery, and to appoint a data protection officer if they process sensitive data on a large scale.

GDPR took years of negotiations, and it looks like opting out of the EU will not stop British businesses from having to comply.

“With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organizations and to consumers and citizens. The ICO’s role has always involved working closely with regulators in other countries, and that would continue to be the case,” an ICO spokesperson said.

“Having clear laws with safeguards in place is more important than ever given the growing digital economy, and we will be speaking to government to present our view that reform of the UK law remains necessary.”