UK businesses are stepping up their preparations for a potentially tortuous split from the EU, with a third moving some operations to the continent to avoid data privacy regulatory issues, according to new research.
Business process outsourcer Parseq polled 500 decision makers in businesses with 250+ employees about how Brexit might impact their current data privacy obligations.
Although the GDPR is technically transposed into UK law, the country will require an “adequacy decision” from the European Commission to ensure unhindered data flows after it leaves the trading bloc – something that is certainly not guaranteed.
That’s why the vast majority (89%) of firms polled by Parseq said they’d taken proactive measures.
Around a third (35%) said they’d refocused their client base to the UK, while a similar number (32%) had transferred operations to the EU.
Nearly two-fifths (37%) said they have audited data flows to and from the EU and even more (42%) have sought advice from regulator the Information Commissioner’s Office (ICO).
Craig Naylor-Smith, managing director at Parseq, argued that UK firms are currently operating on shifting sands given the lack of clarity over post-Brexit data transfer arrangements.
“The Data Protection Act (2018) transposed the GDPR into UK law, but if the rules in Europe diverge once we leave the EU it could make transferring personal data to and from the continent more difficult — a vital consideration for businesses in our increasingly connected, digital world,” he added.
“With this in mind, it’s encouraging to see so many firms take proactive steps to prepare for the prospect of regulatory changes. However, with an even proportion of firms increasing their European presence and refocusing their position to the UK, it’s clear the best course of action will depend on individual strategies.”
The bottom line is: UK businesses must consider how Brexit could impact data privacy regulations as a matter of urgency, he said.