The Information Commissioner's Office (ICO) has published a statement confirming that following the UK's decision to leave the EU, it will be speaking with government to discuss the implications of the referendum and to present its view that, given the growing digital economy, reform of the UK's data protection regime remains necessary.

As so many businesses and services operate across national borders the ICO says that "international consistency around data protection laws and rights is crucial both to businesses and organisations and to consumers and citizens. The ICO's role has always involved working closely with regulators in other countries, and that will continue to the be the case". For further information see Practice note, Cross-border transfers of personal data.

It is too early to say what reform of the UK's data protection regime will look like, but the ICO has been clear throughout the referendum process that businesses should continue to make arrangements to comply with the GDPR, even in the event of a Brexit. Businesses will have to await further communications from the government and from the ICO as to the extent that this will still be necessary. For more information see Article, Brexit and the implications for data protection: will that be the rock or the hard place, Sir?.

NOTE: The ICO published an initial statement on 24 June 2016 and we have updated this legal update to reflect its subsequent statement of 1 July and blog of 7 July 2016.

Source: ICO press release, 1 July 2016 and ICO blog, 7 July 2016.