A new report has warned that a no-deal Brexit could cost the UK up to £1.6 billion to comply with EU data transfer requirements.
The New Economics Foundation report says that companies that transfer data between the UK and the EU will face additional costs of between £1 billion and £1.6 billion from implementing transfer tools.
This breaks down to around £3,000 to £10,000 for micro and small businesses and up to £162,790 for large businesses, the report said.
“EU-UK data flows are a crucial enabler for thousands of businesses. These flows underpin core business operations and activities which add significant value. This is not just a digital tech sector issue – the whole economy relies on data flows,” a statement for the New Economic Foundation says.
In addition to the extra cost of compliance for companies, the report says that a no-deal Brexit brings increased risks of GDPR fines, less EU-UK trade, reduced investment, and the risk of businesses relocating parts of their operations outside the UK.
Privacy rights in the EU and UK are protected by GDPR, which mandates that data remains protected should it be transferred to external territories.
At present, there are several transfer tools that provide a legal framework to ensure that data privacy is maintained outside the EU and EEA. However, the process of ensuring that the data is secure when it leaves GDPR-compliant countries can be long and costly.
The EU currently has a list of territories that it deems to have adequate data protection, greatly simplifying the process. These include countries like Canada, Switzerland and the three crown dependencies, Jersey, Guernsey, and the Isle of Mann.
However, despite the UK having implemented GDPR along with the rest of the EU in 2018, the UK is not currently on the list of adequate territories. This is down to many factors, such as the increased use of surveillance by the UK government, the prospect of a UK-US trade deal, and the country’s role in the Five Eyes intelligence alliance.
As such, any data transfers that take place between the EU and the UK without a deal in place will have to to use existing data transfer tools, adding a financial burden to companies.
The report emphasised the importance of ensuring that the UK receives adequacy status from the European Commission before the Brexit deadline.
However, should no deal be struck, the report made several recommendations to ensure smooth operations.
It called on the UK government to clarify how the country’s post-Brexit data protection regime will strengthen the rights of UK and EU citizens, and to provide tools to help organisations to continue using existing data transfer tools, especially due to issues around the Schrems II court case.
The report also called for the government to set aside funds to helps SMEs comply with the new requirements.
- EDPB releases guidance for EU-US data transfers
- Digit Q&A | Calum Smeaton, CEO of TVSquared
- Comment | Digital transformation in a post-Covid era
With the UK’s transition period from the EU expiring at the end of 31st December 2020, both sides have less than six weeks to agree on a deal. Recent reports have suggested that progress is being made, though the exact details remain to be seen.
Bank of England Governor Andrew Bailey has also warned that a no-deal Brexit poses a greater long-term economic threat than the Covid-19 pandemic.
In comments to the Commons Treasury committee, he warned that failing to negotiate a deal would disrupt cross-border trade and make a future economic partnership between the EU and UK more difficult.