No-deal Brexit could spell disaster for firms struggling to stay on top of GDPR
We’ve written previously about how Brexit is the ultimate in risk management. Organisations must fully understand their level of exposure to Brexit – what their supply chain is, who they trade with and what the likely impact of Brexit will be.
They can either make changes ahead of time to mitigate that risk or at least put in place contingency plans for the future. That’s a hard task right now because of the sheer uncertainty involved with Brexit. Even now, with just over a month or so until Brexit takes place, we do not know what form it will take or even if there will be a deal or not.
This uncertainty is hampering businesses and the wider economy all over Europe. But as negotiations continue to go around in circles, the prospect of a no-deal Brexit grows. Such a scenario brings with it further complications for any business that works with data and moves that data between the UK and EU countries.
The GDPR threat
It has become apparent over the last few months that the EU is going to get much tougher at enforcing GDPR. While the recent Google fine of €50M is still being processed (and we certainly haven’t seen the end of that, with Google mulling over its options for next steps), it is clear that the EU is not going to respect company size or brand when enforcing GDPR penalties. This means any organisation must be extra certain that it is compliant or face the threat of a major fine.
The trouble is, how will this all be affected by a no-deal Brexit? If a UK company moves data across EU borders – and in 2019, this applies to tens of thousands of businesses – then that company needs to be aware of the changes that will occur if the UK effectively signs out of GDPR via a no-deal Brexit.
For the data to continue to flow, the EU and UK will need to grant an adequacy deal, whereby the EU decides if a country outside the EU offers an adequate level of data protection. Such deals are already in place with 12 countries around the world, but a UK adequacy deal is unlikely to happen quickly, so what will happen to affected data businesses?
A mountain of regulation and work
While larger companies have probably already prepared for the prospect of a no-deal Brexit, with a European data center and a big enough compliance team to ensure everything is relatively uninterrupted, mid-market firms may lack the resources and personnel to do so effectively. Although there is uncertainty around Brexit overall, one thing that is certain is that continuing the data flow from the UK to the EU will involve a lot of work.
This will include identifying current and future EU-UK data transfers and ensuring that UK entities become ‘safe importers’ of data in Data Transfer Agreements. Firms will also need to consider alternative transfer mechanisms to maintain data flows and will need to be extra vigilant to stay on top of data privacy laws such as GDPR.
Few companies have the resource and wherewithal to do this effectively and efficiently, which is why GDPR is best addressed in partnership with a solution provider such as Oxial. The automation of our technology, in combination with the industry know-how and expertise of our consulting partners, offers a 100% guarantee of GDPR compliance.
We know exactly what needs to be done to data to ensure compliance, and regular checks are put in place to make sure that nothing slips through the net. This applies to a bank with headquarters in Zurich just as much as it does to a UK ecommerce firm that sells its products all over Europe and will be faced with a GDPR headache if the UK does pursue a no-deal Brexit.