About a-team Marketing Services

A-Team Insight Blogs

No-Deal Brexit Could Threaten GDPR Compliance

Subscribe to our newsletter

By Alex Scheinman, Director, ACA Compliance

Despite its crucial importance, data protection in a post-Brexit world is not getting the attention it deserves. UK firms have spent a significant time preparing for the General Data Protection Regulation (GDPR) as members of the EU. However, Brexit means that they may have to comprehensively re-think their approach and get ready to tackle GDPR from outside of Europe – a very different proposition. Those that fail to comprehend the full impact of Brexit on UK data protection could be in for a nasty shock.

As it creeps closer every day, Brexit, whatever its final form, is threatening to force British companies to reassess how they approach GDPR and data protection. A no-deal Brexit remains a possibility – albeit a slim one – and UK firms have to be prepared for every conceivable type of Brexit. In the worst-case scenario, the EU would no longer automatically confirm the UK as meeting adequate standards for data protection – and the UK would drop down to “third country” status. Data wouldn’t flow from the EU to the UK unless British companies established legal safeguards, such as Standard Contractual Clauses, to remain compliant on data security. Should this happen, companies would be forced to revisit their previous GDPR preparations. Data flows would have to be re-examined to identify personal data transfers from the EU, and new mechanisms would need to be put in place to legitimise these cross-border transfers.

GDPR unquestionably poses a massive question for British firms. But more generally, any organisation that keeps a record of EU personal data is also at risk of being affected. Retail banks and financial managers are obvious culprits for holding customers’ personal data, but asset management firms, whose customers are other institutions, may not think that it does apply. This sort of assumption might not only prove to be wrong, but also costly. Data privacy audits show that company information on HR matters, compensation, contractor relationships, due diligence and so on, can create surprising exposure to GDPR liability.

GDPR is emerging as the new global standard. In an example of the “Brussels effect,” non-EU companies around the world have begun choosing to implement GDPR even though they are not required to. While GDPR compliance will be essential for UK companies doing business in Europe, it may well become requisite in business dealings around the world. Consequently, revisiting GDPR programs early and being prepared for the possibility of a no-deal Brexit are swiftly becoming existential issues.

Reviewing your company’s GDPR plan makes sense from a variety of business perspectives, not just in relation to Brexit. Helping you to reduce, quantify, and manage your risk is an obvious advantage. But this also spills over into other benefits: you avoid the potential for crushing fines; you demonstrate to customers and partners that their data is secure with your company; and you are prepared to effectively manage the inevitable data breaches. But perhaps most importantly, you project the right kind of corporate image by avoiding the wrong kind of headlines. The importance of this cannot be understated in a world where poorly handled data breaches tarnish reputations and destroy trust.

Recent, high-profile leaks have led to people around the world developing a new relationship with their personal data. The expectations over how this data is used and protected are changing faster than anyone could have predicted. And the ICO is already in full swing issuing fines to firms globally. Getting out ahead of this will protect and better position your company for the future. Britain’s relationship with the EU is going to change – no matter what type of Brexit we end up with. Companies with a proactive approach to data protection will gain a competitive advantage over their rivals, as well as avoiding untold risks.

Subscribe to our newsletter

Related content


Recorded Webinar: Proactive RegTech approaches to fighting financial crime

Financial crime is a global problem that costs the economy trillions of dollars a year, despite best efforts by financial services firms, regulators, and governments to stem the flow. As criminals become more sophisticated in how they commit financial crime, so too must capital markets participants working to challenge criminality and secure the global financial...


Best Practice Approaches to Trade Surveillance for Market Abuse

Market abuse is a problem, a very big problem for financial institutions that fall on the wrong side of regulation. Penalties include eye-watering fines, reputational damage and, ultimately, custodial sentences of up to 10 years. Internally, market abuse triggers scrutiny of traders and trading behaviours, a lack of trust and the potential need for significant...


Data Management Summit New York City

Now in its 14th year the Data Management Summit NYC brings together the North American data management community to explore how data strategy is evolving to drive business outcomes and speed to market in changing times.


Regulatory Data Handbook 2023 – Eleventh Edition

Welcome to the eleventh edition of A-Team Group’s Regulatory Data Handbook, a popular publication that covers new regulations in capital markets, tracks regulatory change, and provides advice on the data, data management and implementation requirements of more than 30 regulations across UK, European, US and Asia-Pacific capital markets. This edition of the handbook includes new...