Brexit could cost UK firms £1.6bn if data-sharing agreement isn’t reached

Organisations will be forced to channel money into compliance activities or required goods and services after 31 December

Brexit

Businesses face an aggregate cost of between £1 billion and £1.6 billion if no data adequacy agreement is reached between Europe and the UK as they scramble to adapt to data flow disruption.

Once the Brexit transition period ends on 31 December, the legal basis for transferring personal data between the UK and EU member states fundamentally changes. Though UK businesses can still transfer data to the EU, an adequacy agreement needs to be reached in order to ensure the continued flow of data from the EU to the UK. 

Failing that, organisations face high costs that stem from the need to invest in compliance obligations, such as standard contractual clauses (SCCs) which need to be set up individually to ensure the continued flow of data. 

This is according to academic modelling by UCL and the New Economics Foundation (NEF), which projects the need for additional spending on behalf of businesses to comply with the new reality post-Brexit.

Although the Data Protection Act 2018 largely enshrined the principles of GDPR into UK law, an adequacy agreement isn’t guaranteed, and various factors could influence the EU’s decision. Among these are how willing the UK may be to bend the strict data protection principles when negotiating the terms of any future trade deal with the US. 

The additional expenditure represents the money that companies would have been free to spend on other areas of the business that they’ll instead be forced to channel into compliance activities, or investing in goods and services.

The modelling has broken down the projected costs businesses of particular sizes could face, ranging from £3,000 for a micro business to £162,790 for a large business. Small businesses face roughly £10,000 in additional compliance costs, with the figure rising to £19,555 for a medium-sized firm.

In addition to these costs, no adequacy decision would have further economic consequences, including the increased risk of GDPR fines, reduction in EU-UK trade, reduced investment, and the relocation of business functions, infrastructure and personnel.

“The combination of a potential no-deal Brexit, coupled with the ongoing Covid-19 pandemic, means that business and the economy can ill afford more cost, complexity, and risk,” the report said. “Although the adequacy decision is in the hands of the European Commission, the UK government still has a large part to play.

“All parties hope that the outcome of the last few years of Brexit negotiations will be a comprehensive partnership agreement. This will be an important achievement of huge social and economic significance. Without a wider agreement on the future relationship, adequacy will be very hard to attain.”

UCL and REF also issued seven recommendations that the government should follow to make life as easy as possible for UK businesses concerned or anxious about the impact of no adequacy agreement post-Brexit.

Among these directives, the government should explain how the changes to the UK’s data protection regime will also strengthen and enhance the rights of UK citizens, and also consider the impact of future trade deals on data protection.

The government should also strengthen measures to support businesses. These include raising awareness of the risks a lack of adequacy agreement, provide simple tools to allow UK organisations to continue to use SCCs, as well as setting aside funds to ensure that struggling businesses can afford to comply with the new requirements.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021
BackupAssist teams with Wasabi to offer cheaper backup for businesses
backup

BackupAssist teams with Wasabi to offer cheaper backup for businesses

6 Jan 2021
Data: A resource much too valuable to leave unprotected
Whitepaper

Data: A resource much too valuable to leave unprotected

2 Dec 2020
Webhose and Signal Corp boost data breach detection
Security

Webhose and Signal Corp boost data breach detection

7 Oct 2020

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
Trump pardons convicted ex-Google engineer Levandowski
intellectual property

Trump pardons convicted ex-Google engineer Levandowski

20 Jan 2021