About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

No-Deal Brexit Could Threaten GDPR Compliance

Subscribe to our newsletter

By Alex Scheinman, Director, ACA Compliance

Despite its crucial importance, data protection in a post-Brexit world is not getting the attention it deserves. UK firms have spent a significant time preparing for the General Data Protection Regulation (GDPR) as members of the EU. However, Brexit means that they may have to comprehensively re-think their approach and get ready to tackle GDPR from outside of Europe – a very different proposition. Those that fail to comprehend the full impact of Brexit on UK data protection could be in for a nasty shock.

As it creeps closer every day, Brexit, whatever its final form, is threatening to force British companies to reassess how they approach GDPR and data protection. A no-deal Brexit remains a possibility – albeit a slim one – and UK firms have to be prepared for every conceivable type of Brexit. In the worst-case scenario, the EU would no longer automatically confirm the UK as meeting adequate standards for data protection – and the UK would drop down to “third country” status. Data wouldn’t flow from the EU to the UK unless British companies established legal safeguards, such as Standard Contractual Clauses, to remain compliant on data security. Should this happen, companies would be forced to revisit their previous GDPR preparations. Data flows would have to be re-examined to identify personal data transfers from the EU, and new mechanisms would need to be put in place to legitimise these cross-border transfers.

GDPR unquestionably poses a massive question for British firms. But more generally, any organisation that keeps a record of EU personal data is also at risk of being affected. Retail banks and financial managers are obvious culprits for holding customers’ personal data, but asset management firms, whose customers are other institutions, may not think that it does apply. This sort of assumption might not only prove to be wrong, but also costly. Data privacy audits show that company information on HR matters, compensation, contractor relationships, due diligence and so on, can create surprising exposure to GDPR liability.

GDPR is emerging as the new global standard. In an example of the “Brussels effect,” non-EU companies around the world have begun choosing to implement GDPR even though they are not required to. While GDPR compliance will be essential for UK companies doing business in Europe, it may well become requisite in business dealings around the world. Consequently, revisiting GDPR programs early and being prepared for the possibility of a no-deal Brexit are swiftly becoming existential issues.

Reviewing your company’s GDPR plan makes sense from a variety of business perspectives, not just in relation to Brexit. Helping you to reduce, quantify, and manage your risk is an obvious advantage. But this also spills over into other benefits: you avoid the potential for crushing fines; you demonstrate to customers and partners that their data is secure with your company; and you are prepared to effectively manage the inevitable data breaches. But perhaps most importantly, you project the right kind of corporate image by avoiding the wrong kind of headlines. The importance of this cannot be understated in a world where poorly handled data breaches tarnish reputations and destroy trust.

Recent, high-profile leaks have led to people around the world developing a new relationship with their personal data. The expectations over how this data is used and protected are changing faster than anyone could have predicted. And the ICO is already in full swing issuing fines to firms globally. Getting out ahead of this will protect and better position your company for the future. Britain’s relationship with the EU is going to change – no matter what type of Brexit we end up with. Companies with a proactive approach to data protection will gain a competitive advantage over their rivals, as well as avoiding untold risks.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: New solutions to the old problems of compliance with communications surveillance regulation

Communications surveillance is an integral element of trading at financial institutions, and its functions are clearly set out in jurisdictional regulations – to capture, record and retain all communications. Essentially, all business related communications must be recorded whatever the underlying mechanism – be it a work phone, personal mobile phone, text, video and so on...

BLOG

The Long and Winding Regulatory Road to MiCA

By Javier Hernani, Head Securities Services, SIX. As we witness a collapse in cryptocurrencies, it is clear nowhere is regulation needed more than in the burgeoning crypto-asset marketplace. Especially in the digital asset class with the largest market capitalisation (estimated to be in the region of $2.3 trillion) – cryptocurrencies. Dominated by the likes of...

EVENT

Data Management Summit New York City

Now in its 12th year, the Data Management Summit (DMS) in New York brings together the North American, capital markets enterprise data management community, to explore the evolution of data strategy and how to leverage data to drive compliance and business insight.

GUIDE

Regulatory Data Handbook 2022/2023 – Tenth Edition

Welcome to the tenth edition of A-Team Group’s Regulatory Data Handbook, a publication that has tracked new regulations, amendments, implementation and data management requirements as regulatory change has impacted global capital markets participants over the past 10 years. This edition of the handbook includes new regulations and highlights some of the major regulatory interventions challenging...