Whatever date we leave the EU, customers need to know they can reliably and securely access the information we hold
When we leave the EU, the UK will have “third-country” status with the EU. This will change how we can work with EU member states. It will also have obvious repercussions for UK businesses and organisations, two-thirds of which believe Brexit will have an impact upon them, according to a YouGov survey.
This rapidly changing political landscape has limited the ability of UK companies to plan for the future. So, despite much encouragement from business leaders and government, at the end of 2018, 69 percent of employees with less than 10 employees admitted in a British Chambers of Commerce survey that they had not done a risk assessment of the impact of Brexit on their business.
The impact of Brexit on data protection
One of the central pillars of the EU, of course, is the free flow between member states not just of people and finance, but also data.
Currently, personal information flows unrestricted between the UK and Europe because we are an EU member state. And, if parliament had approved Teresa May’s proposed EU withdrawal agreement, nothing much would have changed before 2020, giving time for other arrangements to be put in place for the long-term.
However if that deal is finally rejected, there is no clarity about what might happen next. If there is a no deal, then we immediately step outside the rules and regulations of the EU. This can have all kinds of implications for the many companies that process and transfer data across borders.
While this might not in practice affect a small hotel in Northumberland taking a telephone booking from someone in France, the impact of Brexit on technology companies — or indeed any business using a cloud service that stores or processes data outside the UK — could be significant.
According to the Information Commissioner’s Office (ICO), this might mean, for example, that personal data transferred out of the UK to European Economic Area (EEA) countries might be stopped from flowing in temporarily until additional measures are established to make that data flow compliant with EU laws. The ICO has issued helpful FAQs to guide them in making changes to how they process personal data of individuals in the EU.
Data protection after Brexit
One of the key pieces of pre-Brexit data privacy legislation affecting us, of course, is GDPR. So, as long as we abide by its stipulations, we will be operating to the same data regulations as businesses in Europe. Obviously, this is of immense help in terms of ensuring we remain compliant with EU law and so can still operate seamlessly within Europe.
If Britain were to rescind, repeal or step out of the GDPR regulations in future, which would have consequences that we would have to deal with. There seems to be no evidence that will be the case, as the UK government has already indicated it understands the importance of the free flow of information between the EU and the UK, and it has stated its intention to take steps to facilitate the flow of personal data to the EU.
Obviously, we will have to take the lead from the UK Information Commissioner’s Office and European Data Protection Board, going forward. And, if there are changes to data protection regulations that impact how customers use the platform, we will ensure this is managed and clearly communicated.