Brexit could cost UK firms £1.6bn if data-sharing agreement isn’t reached

Organisations will be forced to channel money into compliance activities or required goods and services after 31 December

Brexit

Businesses face an aggregate cost of between £1 billion and £1.6 billion if no data adequacy agreement is reached between Europe and the UK as they scramble to adapt to data flow disruption.

Once the Brexit transition period ends on 31 December, the legal basis for transferring personal data between the UK and EU member states fundamentally changes. Though UK businesses can still transfer data to the EU, an adequacy agreement needs to be reached in order to ensure the continued flow of data from the EU to the UK. 

Failing that, organisations face high costs that stem from the need to invest in compliance obligations, such as standard contractual clauses (SCCs) which need to be set up individually to ensure the continued flow of data. 

This is according to academic modelling by UCL and the New Economics Foundation (NEF), which projects the need for additional spending on behalf of businesses to comply with the new reality post-Brexit.

Although the Data Protection Act 2018 largely enshrined the principles of GDPR into UK law, an adequacy agreement isn’t guaranteed, and various factors could influence the EU’s decision. Among these are how willing the UK may be to bend the strict data protection principles when negotiating the terms of any future trade deal with the US. 

The additional expenditure represents the money that companies would have been free to spend on other areas of the business that they’ll instead be forced to channel into compliance activities, or investing in goods and services.

The modelling has broken down the projected costs businesses of particular sizes could face, ranging from £3,000 for a micro business to £162,790 for a large business. Small businesses face roughly £10,000 in additional compliance costs, with the figure rising to £19,555 for a medium-sized firm.

In addition to these costs, no adequacy decision would have further economic consequences, including the increased risk of GDPR fines, reduction in EU-UK trade, reduced investment, and the relocation of business functions, infrastructure and personnel.

“The combination of a potential no-deal Brexit, coupled with the ongoing Covid-19 pandemic, means that business and the economy can ill afford more cost, complexity, and risk,” the report said. “Although the adequacy decision is in the hands of the European Commission, the UK government still has a large part to play.

“All parties hope that the outcome of the last few years of Brexit negotiations will be a comprehensive partnership agreement. This will be an important achievement of huge social and economic significance. Without a wider agreement on the future relationship, adequacy will be very hard to attain.”

UCL and REF also issued seven recommendations that the government should follow to make life as easy as possible for UK businesses concerned or anxious about the impact of no adequacy agreement post-Brexit.

Among these directives, the government should explain how the changes to the UK’s data protection regime will also strengthen and enhance the rights of UK citizens, and also consider the impact of future trade deals on data protection.

The government should also strengthen measures to support businesses. These include raising awareness of the risks a lack of adequacy agreement, provide simple tools to allow UK organisations to continue to use SCCs, as well as setting aside funds to ensure that struggling businesses can afford to comply with the new requirements.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Ubiquiti insider says the company downplayed the severity of a major breach
data breaches

Ubiquiti insider says the company downplayed the severity of a major breach

31 Mar 2021
Forex broker FBS leaves millions of customer records exposed
data breaches

Forex broker FBS leaves millions of customer records exposed

25 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
UK exploring plans to launch its own digital currency
digital currency

UK exploring plans to launch its own digital currency

19 Apr 2021