GDPR compliance is the key to a smooth transition through Brexit

Brexit's effect on data laws demands that data management remains a top business priority for UK organisations

Brexit is no longer looming; it's incoming at breakneck speed. While the UK's political climate may have stabilised (relatively speaking) at just the right time to push Brexit over the line, much uncertainty still surrounds its outcome.

Businesses are concerned about what the future holds, and rightfully so. Some have already found their processes and operations complicated by Brexit, and this is just the start. Different industries will find themselves affected in different ways, but one common thread which runs through all is data.

Advertisement - Article continues below

Just as revised data management strategies are starting to bear fruit in the wake of newly introduced regulation, Brexit could again change the way businesses manage their data. Will UK organisations be back to square one?

The current data landscape

Operating in the current data-age has its pros and cons. Customer data, supplier information, and so on, can be channelled into profitable initiatives, but if mismanaged can equally result in fines that damage both finances and reputations.

Presently, UK organisations that manage personal data abide by two prevailing laws. The headline-hitting GDPR came into play in 2018, designed to standardise data protection rules across the European Union. Organisations have struggled to shift into line with GDPR, resulting in hefty fines being dealt for failure to comply. The UK Data Protection Act 2018 (DPA 2018) is a separate regulation that applies to the GDPR, modifying it to enforce a similar level of data protection to areas falling outside of the GDPR's scope.

Brexit's effect on data protection in the UK

During the 11 month transition period, EU law will continue to apply to the UK. GDPR compliance will remain mandatory, with failure to comply continuing to result in fines. But will the regulation be discarded when the UK eventually gains autonomy over its governance?

Advertisement - Article continues below
Advertisement - Article continues below

In short, no. The UK has already committed to absorbing GDPR into domestic law as part of the European (Withdrawal) Agreement, given that the UK was one of the regulation's chief architects. The DPA 2018 will sit alongside GDPR in the UK, a setup which is essential in order for the UK to qualify as a secure third country - a jurisdiction that is maintaining adequate safeguards for citizen data in the eyes of the European Commission. The UK also plans to seek an adequacy agreement once it leaves the EU, which would allow for the continued free flow of data between the two areas, although it's unclear how long this negotiation may take, or even if the EU would grant the status.

Related Resource

Your guide to overcoming Brexit's data management challenges

Understand Brexit and the data law modifications it may cause

Download now

This would serve the interests of both the UK and EU member-countries. EU-UK data flows are vital for any business that deals with customers, suppliers or operations in the EU; data-disruption of any kind would cause extreme damage for all economies involved. Simply, disrupting data flows at this scale would be unprecedented.

Advertisement - Article continues below

Of course, theoretically it’s possible that Brexit will pave the way for the UK to define new data protection methods. Indeed, autonomy from the European Commission was a major factor in driving ‘leave’ votes. However, it's currently very unlikely that the UK would seek to carve out its own unique data laws after Brexit, not only because of its staunch support of GDPR in the past, but also because any such changes would need to be ratified by the EU in order for data to continue to flow.

How to make a success of Brexit

The key to a smooth transition through Brexit is ensuring GDPR compliance. For the foreseeable future, the GDPR is set to remain the overarching data protection law in the UK, confirming the UK's status in the short-to-medium term as a secure third country, permitting the exchange of data with EU countries.

Manage Engine, the IT management specialists, have formulated a comprehensive list of data management and security strategies that help businesses prepare and combat new data management challenges as they arise from Brexit. The list stresses the need to strictly adhere to existing privacy policies, particularly in regard to the sharing of data with third parties, and to storing methods and the deletion of data.

Advertisement - Article continues below

Although the GDPR is designed to deal with organisations that manage substantial volumes of data, Brexit may cast a much wider net. Any new regulations that follow Brexit could enforce much stricter data management requirements on individual entities, meaning small organisations and even freelancers would have to start paying more attention to how they gather, manage and use data.

In all, Brexit's uncertainty mustn't be viewed as an excuse to de-prioritise data management. If the right path is not followed into the shroud of uncertainty, businesses may be met with a dead-end.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular


Apple confirms serious bugs in iOS 13.5

4 Jun 2020

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020

Picking the perfect multifunction printer

4 Jun 2020