GDPR compliance is the key to a smooth transition through Brexit

Brexit is no longer looming; it's incoming at breakneck speed. While the UK's political climate may have stabilised (relatively speaking) at just the right time to push Brexit over the line, much uncertainty still surrounds its outcome.

Businesses are concerned about what the future holds, and rightfully so. Some have already found their processes and operations complicated by Brexit, and this is just the start. Different industries will find themselves affected in different ways, but one common thread which runs through all is data.

Just as revised data management strategies are starting to bear fruit in the wake of newly introduced regulation, Brexit could again change the way businesses manage their data. Will UK organisations be back to square one?

The current data landscape

Operating in the current data-age has its pros and cons. Customer data, supplier information, and so on, can be channelled into profitable initiatives, but if mismanaged can equally result in fines that damage both finances and reputations.

Presently, UK organisations that manage personal data abide by two prevailing laws. The headline-hitting GDPR came into play in 2018, designed to standardise data protection rules across the European Union. Organisations have struggled to shift into line with GDPR, resulting in hefty fines being dealt for failure to comply. The UK Data Protection Act 2018 (DPA 2018) is a separate regulation that applies to the GDPR, modifying it to enforce a similar level of data protection to areas falling outside of the GDPR's scope.

Brexit's effect on data protection in the UK

During the 11 month transition period, EU law will continue to apply to the UK. GDPR compliance will remain mandatory, with failure to comply continuing to result in fines. But will the regulation be discarded when the UK eventually gains autonomy over its governance?

In short, no. The UK has already committed to absorbing GDPR into domestic law as part of the European (Withdrawal) Agreement, given that the UK was one of the regulation's chief architects. The DPA 2018 will sit alongside GDPR in the UK, a setup which is essential in order for the UK to qualify as a secure third country - a jurisdiction that is maintaining adequate safeguards for citizen data in the eyes of the European Commission. The UK also plans to seek an adequacy agreement once it leaves the EU, which would allow for the continued free flow of data between the two areas, although it's unclear how long this negotiation may take, or even if the EU would grant the status.


Your guide to overcoming Brexit's data management challenges

Understand Brexit and the data law modifications it may cause


This would serve the interests of both the UK and EU member-countries. EU-UK data flows are vital for any business that deals with customers, suppliers or operations in the EU; data-disruption of any kind would cause extreme damage for all economies involved. Simply, disrupting data flows at this scale would be unprecedented.

Of course, theoretically it’s possible that Brexit will pave the way for the UK to define new data protection methods. Indeed, autonomy from the European Commission was a major factor in driving ‘leave’ votes. However, it's currently very unlikely that the UK would seek to carve out its own unique data laws after Brexit, not only because of its staunch support of GDPR in the past, but also because any such changes would need to be ratified by the EU in order for data to continue to flow.

How to make a success of Brexit

The key to a smooth transition through Brexit is ensuring GDPR compliance. For the foreseeable future, the GDPR is set to remain the overarching data protection law in the UK, confirming the UK's status in the short-to-medium term as a secure third country, permitting the exchange of data with EU countries.

Manage Engine, the IT management specialists, have formulated a comprehensive list of data management and security strategies that help businesses prepare and combat new data management challenges as they arise from Brexit. The list stresses the need to strictly adhere to existing privacy policies, particularly in regard to the sharing of data with third parties, and to storing methods and the deletion of data.

Although the GDPR is designed to deal with organisations that manage substantial volumes of data, Brexit may cast a much wider net. Any new regulations that follow Brexit could enforce much stricter data management requirements on individual entities, meaning small organisations and even freelancers would have to start paying more attention to how they gather, manage and use data.

In all, Brexit's uncertainty mustn't be viewed as an excuse to de-prioritise data management. If the right path is not followed into the shroud of uncertainty, businesses may be met with a dead-end.