About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

No-Deal Brexit Could Threaten GDPR Compliance

Subscribe to our newsletter

By Alex Scheinman, Director, ACA Compliance

Despite its crucial importance, data protection in a post-Brexit world is not getting the attention it deserves. UK firms have spent a significant time preparing for the General Data Protection Regulation (GDPR) as members of the EU. However, Brexit means that they may have to comprehensively re-think their approach and get ready to tackle GDPR from outside of Europe – a very different proposition. Those that fail to comprehend the full impact of Brexit on UK data protection could be in for a nasty shock.

As it creeps closer every day, Brexit, whatever its final form, is threatening to force British companies to reassess how they approach GDPR and data protection. A no-deal Brexit remains a possibility – albeit a slim one – and UK firms have to be prepared for every conceivable type of Brexit. In the worst-case scenario, the EU would no longer automatically confirm the UK as meeting adequate standards for data protection – and the UK would drop down to “third country” status. Data wouldn’t flow from the EU to the UK unless British companies established legal safeguards, such as Standard Contractual Clauses, to remain compliant on data security. Should this happen, companies would be forced to revisit their previous GDPR preparations. Data flows would have to be re-examined to identify personal data transfers from the EU, and new mechanisms would need to be put in place to legitimise these cross-border transfers.

GDPR unquestionably poses a massive question for British firms. But more generally, any organisation that keeps a record of EU personal data is also at risk of being affected. Retail banks and financial managers are obvious culprits for holding customers’ personal data, but asset management firms, whose customers are other institutions, may not think that it does apply. This sort of assumption might not only prove to be wrong, but also costly. Data privacy audits show that company information on HR matters, compensation, contractor relationships, due diligence and so on, can create surprising exposure to GDPR liability.

GDPR is emerging as the new global standard. In an example of the “Brussels effect,” non-EU companies around the world have begun choosing to implement GDPR even though they are not required to. While GDPR compliance will be essential for UK companies doing business in Europe, it may well become requisite in business dealings around the world. Consequently, revisiting GDPR programs early and being prepared for the possibility of a no-deal Brexit are swiftly becoming existential issues.

Reviewing your company’s GDPR plan makes sense from a variety of business perspectives, not just in relation to Brexit. Helping you to reduce, quantify, and manage your risk is an obvious advantage. But this also spills over into other benefits: you avoid the potential for crushing fines; you demonstrate to customers and partners that their data is secure with your company; and you are prepared to effectively manage the inevitable data breaches. But perhaps most importantly, you project the right kind of corporate image by avoiding the wrong kind of headlines. The importance of this cannot be understated in a world where poorly handled data breaches tarnish reputations and destroy trust.

Recent, high-profile leaks have led to people around the world developing a new relationship with their personal data. The expectations over how this data is used and protected are changing faster than anyone could have predicted. And the ICO is already in full swing issuing fines to firms globally. Getting out ahead of this will protect and better position your company for the future. Britain’s relationship with the EU is going to change – no matter what type of Brexit we end up with. Companies with a proactive approach to data protection will gain a competitive advantage over their rivals, as well as avoiding untold risks.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: Detecting and preventing market abuse

Market abuse – unlawful disclosure of inside information, insider trading, circular trading, “pump and dump” schemes, etc. – poses significant threats to the integrity of capital markets. In 2024, global trading house Trafigura agreed to pay a $55 million fine to the U.S. Commodity Futures Trading Commission (CFTC) for trading with non-public information, manipulating a...

BLOG

DG FISMA Rejects the ESAs’ Draft RTS for DORA

Less than one week after the Digital Operations Resilience Act (DORA) came into full force in the EU, the Directorate-General for Financial Stability, Financial Services and Capital Markets Union (DG FISMA) issued a letter to the Chair of the Joint Committee of the European Supervisory Authorities (ESAs) rejecting the draft regulatory technical standards (RTS) submitted...

EVENT

Data Licensing Forum 2025

The Data Licensing Forum will explore industry trends, themes and specific developments relating to licensing of financial market data from Exchanges and Data Vendors.

GUIDE

AI in Capital Markets: Practical Insight for a Transforming Industry – Free Handbook

AI is no longer on the horizon – it’s embedded in the infrastructure of modern capital markets. But separating real impact from inflated promises requires a grounded, practical understanding. The AI in Capital Markets Handbook 2025 provides exactly that. Designed for data-driven professionals across the trade life-cycle, compliance, infrastructure, and strategy, this handbook goes beyond...