Brexit could cost UK firms £1.6bn if data-sharing agreement isn’t reached
Organisations will be forced to channel money into compliance activities or required goods and services after 31 December
Businesses face an aggregate cost of between £1 billion and £1.6 billion if no data adequacy agreement is reached between Europe and the UK as they scramble to adapt to data flow disruption.
Once the Brexit transition period ends on 31 December, the legal basis for transferring personal data between the UK and EU member states fundamentally changes. Though UK businesses can still transfer data to the EU, an adequacy agreement needs to be reached in order to ensure the continued flow of data from the EU to the UK.
Failing that, organisations face high costs that stem from the need to invest in compliance obligations, such as standard contractual clauses (SCCs) which need to be set up individually to ensure the continued flow of data.
This is according to academic modelling by UCL and the New Economics Foundation (NEF), which projects the need for additional spending on behalf of businesses to comply with the new reality post-Brexit.
Although the Data Protection Act 2018 largely enshrined the principles of GDPR into UK law, an adequacy agreement isn’t guaranteed, and various factors could influence the EU’s decision. Among these are how willing the UK may be to bend the strict data protection principles when negotiating the terms of any future trade deal with the US.
The additional expenditure represents the money that companies would have been free to spend on other areas of the business that they’ll instead be forced to channel into compliance activities, or investing in goods and services.
The modelling has broken down the projected costs businesses of particular sizes could face, ranging from £3,000 for a micro business to £162,790 for a large business. Small businesses face roughly £10,000 in additional compliance costs, with the figure rising to £19,555 for a medium-sized firm.
In addition to these costs, no adequacy decision would have further economic consequences, including the increased risk of GDPR fines, reduction in EU-UK trade, reduced investment, and the relocation of business functions, infrastructure and personnel.
“The combination of a potential no-deal Brexit, coupled with the ongoing Covid-19 pandemic, means that business and the economy can ill afford more cost, complexity, and risk,” the report said. “Although the adequacy decision is in the hands of the European Commission, the UK government still has a large part to play.
“All parties hope that the outcome of the last few years of Brexit negotiations will be a comprehensive partnership agreement. This will be an important achievement of huge social and economic significance. Without a wider agreement on the future relationship, adequacy will be very hard to attain.”
UCL and REF also issued seven recommendations that the government should follow to make life as easy as possible for UK businesses concerned or anxious about the impact of no adequacy agreement post-Brexit.
Among these directives, the government should explain how the changes to the UK’s data protection regime will also strengthen and enhance the rights of UK citizens, and also consider the impact of future trade deals on data protection.
The government should also strengthen measures to support businesses. These include raising awareness of the risks a lack of adequacy agreement, provide simple tools to allow UK organisations to continue to use SCCs, as well as setting aside funds to ensure that struggling businesses can afford to comply with the new requirements.
How virtual desktop infrastructure enables digital transformation
Challenges and benefits of VDIFree download
The Okta digital trust index
Exploring the human edge of trustFree download
Optimising workload placement in your hybrid cloud
Deliver increased IT agility with the cloudFree Download
Modernise endpoint protection and leave your legacy challenges behind
The risk of keeping your legacy endpoint security toolsDownload now