Alexa metrics
Live Chat

Welcome to UKFast, do you have a question? Our hosting experts have the answers.

Chat Now
Sarah UKFast | Account Manager

Expert View: Why is a Brexit Deal So Complex?

11 April 2019 by UKFast

Gdpr & Brexit Webinar Gareth GaddToday we’re hearing from Gareth Gadd, Chief Business Development Officer at Compliance Compendium, Brexit expert and UKFast webinar panellist.

Why is the process of reaching a deal with the European Union (EU) so complex? And what does Brexit have to do with our data? Let’s see what Gareth has to say about the state of Brexit and his top tips for businesses trying to minimise Brexit disruption.


You can’t escape the topic of Brexit at the moment. Much of the discussion will be on whether we get a deal or not. But a topic that is not discussed is why some of the negotiations are so complex.

What’s data got to do with it?

Much of EU trade (whether cross-border or not) has a data element to it. All EU and EEA countries handle data in a similar way and, in particular, personally identifiable information (PII). This is important for many services (e.g. banking and insurance) so that we can trust data transfers across this huge region.

If you take the above at face value, everything should continue as normal after Brexit and we will continue exactly as we are now because we adopted the EU’s GDPR into UK law. Sadly, EU negotiators don’t seem to think the same way. Much has been made of technical issues that prevent the reaching of an agreement.

Are the UK’s data laws ‘adequate’?

The UK is a member of the European Data Protection Board (EDPB) and continued membership would mean that we would be made aware of future potential amendments. Unfortunately, the chief EU negotiator Michel Barnier is against the UK being a member of the EDPB after Brexit. This creates issues. For example:

  • Who would launch an infringement against the UK in the case of misapplication of the GDPR?
  • Who would ensure that the UK updates its data legislation every time the EU updates the GDPR?
  • How can we ensure the uniform interpretation of the rules on data protection on both sides of the Channel?

A sticking point is whether the UK would be bound by legislation from the European Court of Justice (ECJ) after Brexit. If we were not signatories to ECJ rulings then we would not be adopting future European case law into our legislation post-Brexit. This would lead to a bifurcation in UK and EU legislation. The EU may then have grounds to say that our data protection laws were no longer ‘adequate’.

Much of that would seemingly be solved by the UK’s continued presence on the EDPB. Barnier says that the above issues can only be reached by an “adequacy decision”. However, our Information Commissioner Elizabeth Denham says that a data treaty is preferable. Clearly a disagreement. The EU already has an arrangement with the US called the EU-US Privacy Shield despite the US having a lower standard of personal data privacy than the UK under GDPR.

Other issues arise around UK security legislation (e.g. the Investigatory Powers Act 2016) which would make an adequacy ruling difficult and explains why the UK Information Commissioner would prefer a data treaty similar to the US.

Top tips for businesses

Helpfully, the UK Information Commissioners Office (ICO) gives guidance on the effect of leaving the EU.

Their guidance highlights six steps that all businesses should take.

  1. Continue to comply.
  2. Consider transfers to your UK business from the EU and EEA and the safeguards needed to ensure that data can continue to flow.
  3. Consider transfers outside the UK so that you can document the new basis for those transfers.
  4. If you operate across Europe consider how the different data protection regimes apply to you.
  5. Review your privacy information and internal documentation.
  6. Ensure that your organisation is aware of key issues.

The ICO keep the guidance on progress of GDPR and Brexit up to date and all UK businesses should visit the ICO website regularly to ensure that they have the latest information.

Find out how Brexit may affect your organisation and what you can do to minimise data disruption to your business in our latest webinar ‘The impact of Brexit on your data’.