Who knew that Brexit negotiations would still be up in the air this close to deadline day? Whatever the outcome, whether there’s a deal agreed or not, Brexit is bringing huge change for us all.
As well as uncertainty surrounding the trade of physical products, the transfer of data between the EU and UK is also a primary concern. The Information Commissioner’s Office has warned of disruption to data sharing between the UK and EU in the event of a no-deal scenario. So what can you do to Brexit-proof your business data?
In the first episode of our Brexit Dilemma webinar series, we explored the impact the UK’s departure from the EU may have on the GDPR and the transfer of data.
The webinar speakers were:
What were the expert views on this topic? Let’s find out.
The main concerns from the experts surrounded the event of a no-deal Brexit.
Jacob O’Brien explains: “In the event of no deal, it’s going to be very difficult to transfer data from the EU to the UK. Essentially, we’ll be outside the club of countries deemed safe to send data to. That’s going to cause issues for a lot of businesses who rely on their data coming from EU companies.
“What you’ll probably start to find is that as we get closer to a no-deal scenario, some EU companies will start implementing model clauses for English companies, which is going to cause a few issues.”
When the UK leaves the EU, it becomes a third country – any country that isn’t part of the EU is classed as a third country. From here, the EU must declare whether or not the UK’s data protection measures are equivalent to their own. This is known as an adequacy agreement and decides whether or not the EU can send its data to the UK as normal.
Will Eggleston said: “If we leave with no deal but want to avoid data disruption, we have to leave with an adequacy agreement at the exit date. This allows data to be transferred into the UK without any restrictions.
“However, this is very unlikely. The European commissioners have said that they wouldn’t start the process of assessing the UK’s laws until we actually leave and become a third country.”
If the UK leaves without a deal, there is no way of knowing if the EU will be able to share data with the UK, or how long an adequacy agreement will take to be implemented. So, if you currently rely on the transfer of data from the EU to your UK business, you may need to rethink your strategy to ensure your data doesn’t become effectively stuck in the EU after Brexit.
Gareth Gadd urges companies to think about where their data is being held, especially if you’re using cloud services. He said: “Many companies aren’t thinking about where their data goes in the cloud. It could go to a data centre anywhere in the world.
“Say, for example, you put data into an online CRM system – you are the data owner and the CRM system is the data processor. That CRM system can be hosted in the UK or EU but the data is processed outside this region – very often in the USA. In this case, you need to notify the data subject and gain their consent to store and use data for specific purposes in the UK or EU. This includes notifying them that their data will be processed overseas.
“If a customer is not notified and their data is processed overseas, other data privacy regulations in that third-region may allow data mining and further processing of that data without the need to gain further consent. This is just one small example, but can apply to storage, mail, and many other cloud-based business tool you may care to think of.”
Although it may seem a rather turbulent topic, Yasmin and Gareth did point out some positive elements to Brexit.
Yasmin said: “I’m quite optimistic. Rather than viewing Brexit as a bad thing, I think it presents real opportunities. Business owners need to consider how they can improve in light of these changes. They need to consider resource management, planning ahead, making sure their systems are available for inspection and general data auditing.”
Gareth agreed: “If you’re already GDPR compliant then you know where your data is, who controls it, and who it’s shared with. This improves the efficiency and effectiveness of your company. Therefore you already know whether you will be affected by restricted data transfer. I think it’s a very hopeful scenario.”
With UKFast, you receive around the clock, UK-based support and all your data is stored in our wholly owned, UK-based data centres – so your data never leaves the UK.