About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

No-Deal Brexit Could Threaten GDPR Compliance

Subscribe to our newsletter

By Alex Scheinman, Director, ACA Compliance

Despite its crucial importance, data protection in a post-Brexit world is not getting the attention it deserves. UK firms have spent a significant time preparing for the General Data Protection Regulation (GDPR) as members of the EU. However, Brexit means that they may have to comprehensively re-think their approach and get ready to tackle GDPR from outside of Europe – a very different proposition. Those that fail to comprehend the full impact of Brexit on UK data protection could be in for a nasty shock.

As it creeps closer every day, Brexit, whatever its final form, is threatening to force British companies to reassess how they approach GDPR and data protection. A no-deal Brexit remains a possibility – albeit a slim one – and UK firms have to be prepared for every conceivable type of Brexit. In the worst-case scenario, the EU would no longer automatically confirm the UK as meeting adequate standards for data protection – and the UK would drop down to “third country” status. Data wouldn’t flow from the EU to the UK unless British companies established legal safeguards, such as Standard Contractual Clauses, to remain compliant on data security. Should this happen, companies would be forced to revisit their previous GDPR preparations. Data flows would have to be re-examined to identify personal data transfers from the EU, and new mechanisms would need to be put in place to legitimise these cross-border transfers.

GDPR unquestionably poses a massive question for British firms. But more generally, any organisation that keeps a record of EU personal data is also at risk of being affected. Retail banks and financial managers are obvious culprits for holding customers’ personal data, but asset management firms, whose customers are other institutions, may not think that it does apply. This sort of assumption might not only prove to be wrong, but also costly. Data privacy audits show that company information on HR matters, compensation, contractor relationships, due diligence and so on, can create surprising exposure to GDPR liability.

GDPR is emerging as the new global standard. In an example of the “Brussels effect,” non-EU companies around the world have begun choosing to implement GDPR even though they are not required to. While GDPR compliance will be essential for UK companies doing business in Europe, it may well become requisite in business dealings around the world. Consequently, revisiting GDPR programs early and being prepared for the possibility of a no-deal Brexit are swiftly becoming existential issues.

Reviewing your company’s GDPR plan makes sense from a variety of business perspectives, not just in relation to Brexit. Helping you to reduce, quantify, and manage your risk is an obvious advantage. But this also spills over into other benefits: you avoid the potential for crushing fines; you demonstrate to customers and partners that their data is secure with your company; and you are prepared to effectively manage the inevitable data breaches. But perhaps most importantly, you project the right kind of corporate image by avoiding the wrong kind of headlines. The importance of this cannot be understated in a world where poorly handled data breaches tarnish reputations and destroy trust.

Recent, high-profile leaks have led to people around the world developing a new relationship with their personal data. The expectations over how this data is used and protected are changing faster than anyone could have predicted. And the ICO is already in full swing issuing fines to firms globally. Getting out ahead of this will protect and better position your company for the future. Britain’s relationship with the EU is going to change – no matter what type of Brexit we end up with. Companies with a proactive approach to data protection will gain a competitive advantage over their rivals, as well as avoiding untold risks.

Subscribe to our newsletter

Related content


Recorded Webinar: How to optimise and streamline regulatory reporting using outsourced and managed services

Regulatory reporting remains a top agenda item at many financial institutions as they struggle to implement new regulations and updates, capture and manage required data, and achieve compliant reporting. These issues can pile pressure onto compliance teams and drain resources from other parts of the business, but there are solutions. This webinar will consider how...


Nasdaq Enters Definitive Agreement to Acquire Adenza, Plans Expansion of Regtech Reach

Nasdaq has entered a definitive agreement to acquire Adenza, a provider of risk management and regulatory solutions, from software investment firm Thoma Bravo. The $10.5 billion cash and shares deal will significantly increase Nasdaq’s offerings across regulatory technology, compliance, and risk management, and complement its marketplace technology and anti-financial crime solutions. It will also expand...


RegTech Summit London

Now in its 8th year, the RegTech Summit in London will bring together the RegTech ecosystem to explore how the European capital markets financial industry can leverage technology to drive innovation, cut costs and support regulatory change.


Regulatory Data Handbook 2023 – Eleventh Edition

Welcome to the eleventh edition of A-Team Group’s Regulatory Data Handbook, a popular publication that covers new regulations in capital markets, tracks regulatory change, and provides advice on the data, data management and implementation requirements of more than 30 regulations across UK, European, US and Asia-Pacific capital markets. This edition of the handbook includes new...