CEOs fear Brexit will leave firms out of step with GDPR

Business leaders express concerns over future of data protection

Brexit

CEOs are concerned that EU privacy rules will impact their ability to do business after Brexit, according to research by KPMG.

In a survey addressing 100 UK CEOs, 60% believed that their ability to do business will be impaired once Brexit takes place, if British privacy rules are not aligned with the incoming General Data Protection Regulation (GDPR).

Advertisement - Article continues below

Mark Thompson, global privacy advisory lead at KPMG, said: "The worry amongst this cohort of CEOs is understandable. Once GDPR is enforced, it will fundamentally alter the way we live, work and interact with technology, organisations and each other. This revolution will transform the scale, scope and complexity of personal information processed, with personal information being a core component of everything we do."

Ever since the European Commissionconfirmed the new privacy rules in April 2016to increase users' control over their personal data and strengthen data protection policies, many UK CEOs have become concerned that this could negatively impact on their businesses post-Brexit.

Once GDPR is enforced in May 2018,businesses that do not meet these rules will have to either pay sanctions of up to around 16.8 million (20 million), or 4% of their global annual turnover, whichever is higher.

Thompson said: "Whilst the UK is likely to implement the GDPR, Brexit poses some uncertainty on what GDPR will mean to the UK post-Brexit, it is critical to understand that if the UK is going to continue to trade with the EU this free flow of personal information must be maintained. As such we will need to have an 'adequate privacy ecosystem' in operation in the UK which is aligned to the requirements of the GDPR."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In September, the head of information commissioner's office (ICO) Elizabeth Denham toldBBC Radio 4that Britain should adopt the European legislation.

Denham said: "I don't think Brexit should mean Brexit when it comes to standards of data protection. In order for British businesses to share information and provide services for EU consumers, the law has to be equivalent."

Statements made by the UK government suggest the UK will try to adopt GDPR while negotiating its exit from the EU, but that it is likely to draw up equivalent legislation once it is no longer part of the EU.

Thompson said: "The Information Commissioner's Officeremainsadamant regarding the need for strong, equivalent privacy law in the UK regardless of the outcome of Brexit."

In order to prepare for GDPR after Brexit, Thompson suggested that organisations make significant improvements to their privacy control environment, rethinking the way in which they collect, store and use personal data.

Thompson said some immediate steps that companies could take to prepare for GDPR post-Brexit are to bring the implications of GDPR to the board's attention, understand the state of their current data protection rules, and to draw up a plan on bringing them in line with GDPR.

Advertisement

Recommended

Visit/policy-legislation/data-protection/355184/supreme-court-finds-morrisons-was-not-liable-for-2014
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020
Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/policy-legislation/data-protection/354814/google-to-shift-uk-user-data-to-the-us-post-brexit
data protection

Google to shift UK user data to the US post-Brexit

20 Feb 2020

Most Popular

Visit/security/cyber-security/355200/spacex-bans-the-use-of-zoom
cyber security

Elon Musk's SpaceX bans Zoom over security fears

2 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020