No-deal Brexit data – should firms worry?

Data representation Image copyright Getty Images

“Take steps now to keep receiving data legally from the EU.”

That’s the message for businesses in a full page government advert in the Financial Times and elsewhere.

It goes on to warn that after 31 October “you may need to update your contracts.”

But just how worried should companies big and small be about handling data in the event of a no deal Brexit?

The advert tells readers to follow the step-by-step guide at

But when you arrive there, finding your way to the advice about data is not straightforward.

I found that I had to pretend to be a business and answer a whole series of questions before I was presented with the information.

So here is the key issue. Right now data can flow freely across the EU as long as companies conform to its tough new General Data Protection Regulation (GDPR).

And as the GDPR is being incorporated wholesale into UK law, there should be no real change after Brexit – as long as we leave with a deal.

But if there is no deal, we will be treated as an external country, needing what is called an adequacy ruling showing our data protection standards are up to scratch – and the European Commission has indicated that this would not happen in a hurry.

So what do businesses need to do? Well, sending data to the EU will apparently be no problem because the UK government has decided it is happy with European standards.

But if you receive data – perhaps a lists of names and addresses of customers – from a company in the EU or the wider European Economic Area then you will need to take action.

The advice is that you should “review your contracts and, where absent, include Standard Contractual Clauses (SCC) or other Alternative Transfer Mechanisms (ATM) to ensure that you can continue to legally receive personal data from the EU/EEA.”

Err – right. I can hear dozens of small business owners gulping at that.

But the site then sends them over to the Information Commissioner’s Office to find a handy interactive tool which will allow them to work out just how to craft one of these clever contracts.

Don’t worry, the government site says, “for most organisations, especially SMEs, taking the required action isn’t highly costly and doesn’t always require specialist advice.”

But don’t think you can just ignore the problem.”If you fail to act, your organisation may lose access to personal data it needs to operate.”

Big companies are likely to have addressed this issue. One payments firm told me it had


 »