The CBI will today warn the government that the UK is heading for a “data cliff edge” if it doesn’t accelerate efforts to seal a transitional deal on post-Brexit data flows to protect the UK’s digital economy after March 2019.
The comments will be made by deputy director-general, Josh Hardie, at the business lobbyist’s National Cyber Security Conference in London.
He’ll argue that the despite the good work undertaken by the government to introduce the GDPR into UK law with the Data Protection Bill, there’s much to do to ensure data flows can continue unhindered after the UK formally leaves the EU on 29 March 2019.
In the long-term, an “adequacy decision” is needed by the European Commission to prove UK laws and standards meet EU standards.
“Adequacy is the gold standard for data flows and is proof that a country has a business environment that really protects data. But unless the Brexit negotiations find another way, getting such a deal would mean first becoming a ‘third country’. In other words, we’d need to leave the EU before that process could even begin,” Hardie will tell attendees.
“The last major data deal between the EU and a third country was with New Zealand and that took four years. We don’t have four years. We can’t afford to wait for that deal to be made because businesses are facing decisions today.”
Although the government recognized the need for a transition deal and adequacy in a recent working paper, it needs to deliver on this fast to protect a digital economy worth £240bn, according to the CBI.
“Without this vital bridge, firms risk being left with no legal certainty when transferring and processing data. We can’t let that happen. Because the people this will impact the hardest are the people running small and medium-sized firms, who are already finding the transition tough,” Hardie will conclude.
“This isn’t just an academic argument. It really will affect jobs, growth and prosperity across the UK. But if we can get the right transition deal in place, we can protect our data-driven businesses and the £240 billion they bring to our economy.”
However, experts have warned that the mass surveillance powers granted to the state in the Snoopers’ Charter may yet scupper any adequacy decision, as it means EU citizens’ data held in UK datacenters could be surveilled by the authorities.