Brexit’s data compliance burden could cost UK firms up to £1.6BN, says think tank

An analysis of the total cost to UK customs if the country fails to gain an adequacy agreement from the European Commission formerly it leaves the alliance at the end of the year — appointing barriers to inbound data flows from the EU — indicates the price in pure compliance calls could be between PS1BN and PS1. 6BN.

The assessment of the economic impacts if the UK is deemed a third country under EU data rules has been carried out by the New Economics Foundation( NEF) think tank and UCL’s European Institute study centre — with health researchers attending interrogations with over 60 legal professionals, data protection officers, business representatives, and academics, from the UK and EU.

They are reckoning that the average compliance cost for an affected micro business will be PS3, 000; or PS10, 000 for a small business; PS19, 555 for a medium business; and PS162, 790 for a large business.

” This additional cost stems from the additional compliance obligations- such as setting up standard contractual clauses( SCCs)- on companionships that want to continue transfer data from the EU to the UK ,” they write in the report.” We accept our modelling is a relatively conservative think as it is underpinned by moderate presumptions about the firm-level cost and number of corporations changed .”

An adequacy agreement refers to a status that can be conferred on a country outside the European Economic Area( as the UK will be once the Brexit transition is over) — if the EU’s executive sees the levels of data protection in the country are essentially equivalent to what’s to be submitted by European law.

The UK has said it wants to gain an adequacy agreement with the EU as it works on implementing the 2016 referendum vote to leave the bloc. But there are doubts over its chances of obtaining the coveted status — not least because of surveillance capabilities enshrined in UK law since the 2013 Snowden disclosures( which disclosed the extent of Western governments’ snoop on digital data flows ).

Broad strengths that sanction UK state organizations’ digital surveillance have faced a number of legal challenges under UK and EU law.

UK surveillance regime dealt another blow in court

The government has also signalled any plans to’ liberalize’ domestic data ordinances as it leaves the EU — writing in a national data strategy published in September that it wants to ensure data is not” inappropriately confined” by regulations” so that it can be used to its full potential”.

But any moves to denude the UK’s data protection standards risk an’ imperfect’ ascertaining by the Commission.

Europe’s top courtroom, meanwhile, has set a clear line that governments cannot use national defence to bypass general principles of EU law, such as proportionality and respect for privacy.

Another major — and most relevant — ruling by the CJEU this summer nullified an adequacy status the Commission had previously conferred on the US, striking down the EU-US Privacy Shield transatlantic data transfer mechanism. It does not bode well for the UK’s chances of adequacy.

The court also made it clear that the most used alternative for international transportations( a law tool called Standard Contractual Clauses, aka SCCs) must be addressed proactive investigation from EU regulators when data is flowing to third world countries where citizens’ report could be at risk.

Europe’s top tribunal strikes down flagship EU-US data transfer mechanism

The thousands of companies that had been relying on Privacy Shield to rubberstamp their EU to US data flows are now scrambling for alternatives on a dispute by action basis — with enormously increased law likelihood, intricacy and administration requirements.

The same is certainly true in very short order for scores of UK-based data controllers that want to continue being able to receive inbound data flows from consumers in the EU after the end of the Brexit transition.

Earlier this month the European Data Protection Board( EDPB) put out 38 pages of steering for those trying to navigate brand-new legal uncertainty around SCCs — in which it warned there may be situations where no supplementary quantifies will suffice to ensure adequate protection for a specific transfer.

The solution in such a case might expect relocation of the data processing to a site within the EU, the EDPB said.

Europe keeps out advice on fixing international data movement that’s cold comfort for Facebook

” Although the UK has high standards of data protection via the Data Protection Act 2018, which play-act the General Data Protection Regulation( GDPR) in UK law, an EU adequacy decision is not guaranteed ,” the NEF/ UCL report forewarns.” Possible EU concerns with UK national security, surveillance and human rights frameworks, as well as a future busines be addressed with the US, make sufficiency unsure. Furthermore, EUUK data spurts are at the fad of the wider Brexit process and arbitrations .”

Per their analysis, if the UK does not get an adequacy decision it will face an increased risk of GDPR penalizes due to increased compliance requirements.

The General Data Protection Regulation sanctions civil penalties for violations of the framework that can scale up to 4% of an entity’s world-wide annual turnover or EUR2 0M, whichever is greater.

The report also prophesies a reduction in EU-UK trade, specially digital sell; reduced investment( domestic and international ); and the relocation of business affairs, infrastructure, and staff members outside the UK.

The researchers argue that more research is needed to support a wider macroeconomic assessment of the value of data spurts and adequacy decisions — saying there’s a rarity of studies on” the value of data flows and sufficiency decisions in general” — before adding:” EU-UK data spurts are a crucial enabler for thousands of businesses. These flows underpin core business operations and activities which add significant quality. This was not a digital tech sector question- the whole economy relies on data spurts .”

The report makes a number of recommendations — including advocate the UK government to start” relevant data and pattern implements” available to support empirical study on the social and economic impacts of data protection, digital swap, and the value of data flows to help shape better public policy and debate.

It too calls for the government to set aside funds for struggling UK SMEs to help them with the costs of be conducted in conformity with Brexit’s legal data burden.

” Our report concludes that no sufficiency decision has the potential to be a contributing factor which erodes the competitiveness of key UK services and digital technology sectors, which have performed extremely strongly in recent years. Although we do not want to exaggerate the effects — and no adequacy decision “re a long way from” fiscal armageddon — this outcome would not be ideal ,” they add.

You can speak the full report here.

Worried about a’ no spate’ brexit? UK startups should check the present guidelines

Read more:

No Luck
No prize
Get Software
Free E-Book
Missed Out
No Prize
No luck today
Free eCourse
No prize
Enter Our Draw
Get your chance to win a prize!
Enter your email address and spin the wheel. This is your chance to win amazing discounts!
Our in-house rules:
  • One game per user
  • Cheaters will be disqualified.