Expert opinion: The data privacy implications of a no-deal Brexit

“The growing prospect of a no-deal Brexit could have a major impact not just on the UK economy, but also on how organisations comply with GDPR. We all know the major headlines, but the devil is in the detail for businesses faced with widespread regulatory change.

“In a no-deal scenario, Britain would become a ‘third country’ – neither in the EU nor officially in line with EU regulations. That would mean that UK companies may have to employ a staff member within the EU to act as an intermediary on GDPR compliance. Furthermore, if a company has multiple European operations and has the UK as its lead supervisory authority, then they could no longer rely on the “one-stop-shop” provision and would have to deal with multiple European agencies. This would be expensive and time-consuming, and could lead to serious delays in compliance and potential data exposure during the changeover.

“UK companies’ use of data storage in the USA would also be in question under no-deal. We currently operate under the US-EU Privacy Shield agreement. If the UK crashes out of that framework, companies might need to re-evaluate their contracts with US-based storage providers to guarantee compliance with GDPR.

“Organisations need to prepare in advance to handle the data challenges of a no-deal Brexit. They need to have deep insight into the data they hold and where it’s stored – and under which jurisdiction – to ensure they can effectively plan their compliance efforts. By employing advanced analytical tools, businesses can quickly get a clear view of what personal and sensitive information they’re holding and where – as well as deciding on the next best action to take.

“We’re used to hearing the impact of no-deal described as ‘Project Fear’. UK organisations need to respond with ‘Project Prepared’ – taking the initiative now and equipping themselves with the tools to quickly review their compliance landscape.”

By David Smith, Head of GDPR Technology, SAS UK & Ireland