Hypothetical ‘Brexit’ – What does that mean for data laws?

June 13, 2016 12:57 pm Back to News & Offers

Brexit Image of FlagsVoting for the EU referendum takes place on 23rd June, a mere 10 days away. There is a lot of speculation circling from both parties as to the consequences of a Brexit. Out campaigners are focusing more on the benefits of border control and membership fees to the EU (which may be around £8.5Bn – depending on how you look at the instant rebate and any money spent on the UK thereafter). In campaigners are choosing to emphasize the importance of free trade to the European markets, arguing the benefits are outweighing the costs.

Whichever way we look at it, what happens after the vote is, as I said, speculation. Neither party can say with 100% certainty “This WILL happen…”.

Best case scenario

Should the ‘out’ campaign win the EU referendum, the best case scenario would be for the UK to quickly negotiate trade terms with the EU and maintain its position as the financial hub of Europe. However, this may prove more difficult than it seems…*

What about businesses?

For companies like us who regularly handle data of both UK citizens and those of EU member states, the concerns of such Brexit consequences are on the forefront of our minds. A recent report by the Guardian shows that Britain’s technology industry is strongly opposed to the possibility of leaving the EU. There are concerns about the accessibility of EU based customers, and the negotiating power British companies have when convincing those to set up large scale operations within the UK. These concerns are echoed in the study, which reveals that 87% of British tech firms are against leaving the EU. However, it’s worth stating again… all opinions are speculation, or at most, best-guess.


If, as you’re ramping up plans to ensure GDPR compliance come 2018, you hear something along the lines of “well, come the 23rd of June, we may not be in the EU anyway…” simply ignore it and carry on. For those who are not aware of the GDPR, you can read a little summary we put together here. The new regulation will come into effect in 2018 and it enables heavier fines for non-compliance as well as a range of additional aspects such as the notorious ‘right to be forgotten’.

What if we leave?

Let’s entertain the notion that the UK has just voted to leave the EU.

ManThe most likely, and easiest, direction to go would be for the UK to align their data protection laws with something similar to (or exactly the same as) the EU regulations (as is
the case with Switzerland). This would mean a quick resolution to data trading/movement throughout the UK and Europe. However pro-Brexit campaigners would most likely argue against such compliance, maintaining the opinion that the EU is still influencing our laws – one of the reasons we hypothetically left.

It does not matter if you are a company based in the UK, or that your data is stored on servers located within the UK – you will still be expected to comply. The focus of the GDPR is on the consumer, not the business. If the data can identify an EU citizen, then compliance is mandatory. Either way it’s looking likely that a GDPR style regulation would almost certainly have to come into effect.

It’s also worth mentioning that ties to the EU will not be cut overnight. Officially severing all ties could take years, and 2018 isn’t that far away – there is a minor issue regarding falling into a regulatory ‘grey’ area while we cut off ties and negotiate new trade deals. The safest option here would most likely be to comply with the GDPR regardless anyway – again, not pleasing any pro-Brexit campaigners.

The trade-off… (*)

Mentioned earlier under in the best case scenario section, negotiations over trade deals may be harder than it seems. This is due to the importance of the EU market, but also the importance of self-regulation (border control etc..).

Campaigners arguing to stay in the EU see free-trade with the EU market as one of the most important (if not THE most important) issue surrounding the whole referendum. The EU have the power to grant us free trade with EU markets but at the cost of free movement of labour, such a deal would only weaken border control – nullifying one of the pillars of the pro-Brexit campaign. British tech firms recognise this need for skills and expertise from foreign countries, hence their opposition to a Brexit.

There is a distinct trade-off between control of UK borders and setting our own laws and free access to the EU markets – something that could be very costly if not successfully negotiated.

Article references
Computer weekly – Don’t think that Brexit will save you from the EU data protection rules
Business insider – Brexit could have a devastating effect on the UK tech industry
Guardian – Britain’s tech sector overwhelmingly opposed to Brexit