With Brexit, businesses both inside and outside of the UK will have to navigate a new path when it comes to moving data to and from Britain to countries in the EU. The European Union (EU) General Data Protection Regulation (GDPR) is arguably one of the most significant pieces of privacy law yet enacted, creating a headache for businesses as they invest time and resources to comply by 2018, when the laws become fully enforceable.
For British businesses the exit from the EU could have a long lasting impact. The exit cuts off the UK from a bloc of 27 countries that up until now it was able to freely trade with on both an economic and information level. With 78% of the UK economy (2016) being services, with a majority of those services being data that is freely moved across borders into Europe. While most feel that the European Union over regulates, the fact remains that whether Britain is part of the EU or not British companies and organisation wishng to do business and move data across border in EU member countries will still be forced to comply with these strict privacy laws. A good example of this already in practice is the Safe Harbour agreement between the United States and the EU which allows compliant American companies to move data between countries.
Brexit could make running a business in the UK much more difficult. For multi-nationals the simple act of transferring data between offices becomes fraught with legal risks. For some companies relying on model clauses regulated by service providers to allow the transfer of data to non-EU countries, which ensures compliance with EU data protection rules, using mechanisms such as the EU-US Privacy Shield. Businesses can also set up their own instruments through Binding Corporate Rules (BCRs). While multi-nationals will already these kinds of mechanisms to move data across the globe, they wil need to add a new layer.
However, the break away from the EU will take approximately two years to complete, in which during this time negotiators from the UK will unravel the it’s legal involvement with the EU, and put in place a transitional agreement that will lead to a long term path that will allow businesses to function in the and move data across borders.