The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

No-Deal Brexit Could Threaten GDPR Compliance

By Alex Scheinman, Director, ACA Compliance

Despite its crucial importance, data protection in a post-Brexit world is not getting the attention it deserves. UK firms have spent a significant time preparing for the General Data Protection Regulation (GDPR) as members of the EU. However, Brexit means that they may have to comprehensively re-think their approach and get ready to tackle GDPR from outside of Europe – a very different proposition. Those that fail to comprehend the full impact of Brexit on UK data protection could be in for a nasty shock.

As it creeps closer every day, Brexit, whatever its final form, is threatening to force British companies to reassess how they approach GDPR and data protection. A no-deal Brexit remains a possibility – albeit a slim one – and UK firms have to be prepared for every conceivable type of Brexit. In the worst-case scenario, the EU would no longer automatically confirm the UK as meeting adequate standards for data protection – and the UK would drop down to “third country” status. Data wouldn’t flow from the EU to the UK unless British companies established legal safeguards, such as Standard Contractual Clauses, to remain compliant on data security. Should this happen, companies would be forced to revisit their previous GDPR preparations. Data flows would have to be re-examined to identify personal data transfers from the EU, and new mechanisms would need to be put in place to legitimise these cross-border transfers.

GDPR unquestionably poses a massive question for British firms. But more generally, any organisation that keeps a record of EU personal data is also at risk of being affected. Retail banks and financial managers are obvious culprits for holding customers’ personal data, but asset management firms, whose customers are other institutions, may not think that it does apply. This sort of assumption might not only prove to be wrong, but also costly. Data privacy audits show that company information on HR matters, compensation, contractor relationships, due diligence and so on, can create surprising exposure to GDPR liability.

GDPR is emerging as the new global standard. In an example of the “Brussels effect,” non-EU companies around the world have begun choosing to implement GDPR even though they are not required to. While GDPR compliance will be essential for UK companies doing business in Europe, it may well become requisite in business dealings around the world. Consequently, revisiting GDPR programs early and being prepared for the possibility of a no-deal Brexit are swiftly becoming existential issues.

Reviewing your company’s GDPR plan makes sense from a variety of business perspectives, not just in relation to Brexit. Helping you to reduce, quantify, and manage your risk is an obvious advantage. But this also spills over into other benefits: you avoid the potential for crushing fines; you demonstrate to customers and partners that their data is secure with your company; and you are prepared to effectively manage the inevitable data breaches. But perhaps most importantly, you project the right kind of corporate image by avoiding the wrong kind of headlines. The importance of this cannot be understated in a world where poorly handled data breaches tarnish reputations and destroy trust.

Recent, high-profile leaks have led to people around the world developing a new relationship with their personal data. The expectations over how this data is used and protected are changing faster than anyone could have predicted. And the ICO is already in full swing issuing fines to firms globally. Getting out ahead of this will protect and better position your company for the future. Britain’s relationship with the EU is going to change – no matter what type of Brexit we end up with. Companies with a proactive approach to data protection will gain a competitive advantage over their rivals, as well as avoiding untold risks.

Related content


Upcoming Webinar: Managing unstructured data to ensure regulatory compliance and add value

Date: 2 November 2021 Time: 11:00am ET / 3:00pm London / 4:00pm CET Duration: 50 minutes As unstructured data floods into capital markets in the wake of traditional structured data, firms must manage both data types and ensure ease of access to extract data required for regulatory compliance efficiently and effectively. Beyond compliance, firms can...


GRAC Service Provider RiskBusiness Launches GDPR Equivalency Checker

Governance, risk, audit and compliance (GRAC) content and service provider RiskBusiness has introduced a GDPR Equivalency Checker ahead of new EU data privacy requirements coming into effect later this month. The new tool is targeted at all financial services firms impacted by the incoming changes under the so-called Schrems II legislation that comes into effect...


RegTech Summit New York City

Now in its 5th year, the RegTech Summit in NYC explores how the North American financial services industry can leverage technology to drive innovation, cut costs and support regulatory change.


High Performance Technologies for Trading

The highly specialised realm of high frequency trading without doubt is a great driver for a range of high performance technologies that are becoming essential tools for Wall Street. More so than the now somewhat pedestrian algorithmic trading and analytics/pricing applications that are usually cited as the reason that HPC is hitting the financial markets,...