Charities will still have to adhere to data protection standards that are as stringent as the European Union’s forthcoming General Data Protection Regulation in spite of last week’s vote to leave the union, according to the Information Commissioner’s Office.
A statement issued by the ICO on Friday said that although the forthcoming reforms to EU data protection laws would not apply directly to the UK if it was not a member of the union, UK data protection standards would nevertheless have to be "equivalent" to the EU’s GDPR if the UK wanted to trade with the single market.
The GDPR, which is due to come into force in 2018, will require all organisations to receive unambiguous consent from people before using their data for marketing purposes.
The ICO said it intended to call on the government to reform the UK law on data protection, which currently comes under the Data Protection Act.
"If the UK wants to trade with the single market on equal terms, we would have to prove 'adequacy'," the ICO’s statement said. "With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial. The ICO’s role has always involved working closely with regulators in other countries, and that would continue to be the case."
A spokesman for the Direct Marketing Association, which runs the Telephone Preference Service, said the body held a similar view to the ICO. "If we want to continue engaging with EU citizens, we will need to have similar laws in place," he said.
He added that all organisations would need to comply with existing EU legislation until the UK exits the union, which is currently anticipated to happen in 2018.
"How similar these rules will be after an exit is simply unknown at this point," said the DMA’s spokesman. "The finer details will be part of the negotiation process in the coming years."