A no-deal Brexit could cost UK firms on data transfers

06 March 2019

  • Share

EY polling, finds almost a quarter (24%) of FS firms see the issue of data transfers as one of their top three worries around Brexit

LONDON, 6th March 2019: Financial services firms need to ensure they do not breach data rules in the event of a no-deal Brexit or risk a fine of up to 4% of turnover, says EY. The warning comes as EY launches a guide* for financial services firms around last minute preparation for a possible no-deal Brexit. 

A no-deal Brexit would mean personal data cannot be sent from the EU to the UK unless firms have taken specific mitigating action. The issue has arisen as the European Commission has said it would not provide immediate data adequacy for the UK in the event of a no-deal. The penalties for breaching the rules are high, with firms facing fines of 4% of turnover or EUR 20 million, whichever is the highest. EY’s own polling, from February 2019**, found almost a quarter (24%) of FS firms see the issue of data transfers as one of their top three worries around Brexit.

Steve Holt, UK and EMEIA Financial Services Partner at EY, comments: “UK Financial Services firms spent large amounts to get ready for GDPR but they must again ensure that their data systems are ready for a possible no-deal Brexit. With fines of 4% of turnover as well as the reputational damage of any misstep, it should be a key priority. Many firms have already addressed this, but time is running out for those yet to have taken the necessary steps.

“Firms also need to be aware of risks from their clients and suppliers as individual firms are still responsible for their customer data with third parties. There may also be a need to update privacy notices, as these often require explicit consent if data is transferred outside of the EU.”
The UK Government intends to enact statutory instruments in the event of a no-deal to ensure a legal status quo for data transferring outside of the UK. This means a no-deal would only be an issue for personal data transferred to the UK from the EU.

The Bank of England’s Financial Policy Committee*** warned in its February 2019 meeting that the lack of data adequacy could “restrict EU households and businesses from continuing to access UK financial service providers.” It is unclear how long it would take the UK to gain data adequacy from the EU if there was a no-deal Brexit. If there is an agreed Brexit deal then transfers would not be restricted through the proposed transition period to the end of 2020.