Category Archives: Brexit

What to expect after the election – post-election analysis

Polling station sign

The result of the 2017 general election has resulted in a hung parliament

What business needs to prepare for in a hung parliament

As the clock struck ten on election night, it was all over. Theresa May’s gamble had failed to pay out. The majority was lost. An unexpected swing to Labour across key and unexpected constituencies took place, offset by a strong swing against the SNP. A surge in young voters turning out and a complete collapse of the UKIP vote meant that the 42% won by the Conservatives and the 40% won by Labour no longer resulted in a landslide, but a hung parliament.

Before the election, VinciWorks published an outline of what to expect after the election from a Conservative or Labour government. Neither of those results has come to pass, so here’s what business could expect, and should prepare for, in this new reality.

A hard Brexit won’t happen

There simply isn’t a majority in Parliament for the hard Brexit that Mrs May was proposing. Cutting off British access to the customs union and single market as the Conservative party wanted looks likely to be set adrift. The Tory’s partners in Parliament, the Northern Irish Democratic Unionist Party, while themselves cheerleaders of Brexit, want a softer version and a frictionless border with the Republic of Ireland, and thus the EU.  
Continue reading

What to expect after the election

Number 10 Downing Street

What business needs to prepare for no matter who walks into Number 10

Theresa May called a general election expecting, we all assume, that she would have an easy ride back into 10 Downing Street. While she still enjoys a commanding lead over the Labour party, this has narrowed in recent weeks. The Tories are still odds-on favourite to win, although elections can often throw up surprises.

Now the manifestos of all the major parties have been published, we can glean some idea of what will be changing in the compliance landscape no matter who the Prime Minister will be after the election. Of course, should the election result in a hung parliament, manifesto pledges can be traded and bartered away, and promises made before an election can often be forgotten in the glow of victory.

Nevertheless, it’s always a good idea to consider the potential risks of an election outcome, and start to prepare accordingly.
Continue reading

How Brexit and Trump could cause a data protection headache

Donald Trump

The risks of a hard brexit

Regardless of what the UK does with GDPR after Brexit, the biggest threat to data protection is from an exit from the EU without any deal. This is the so-called hard Brexit and fallback to World Trade Organisation rules until a further agreement is reached, or not. It’s the kind of Brexit Theresa May and many inside the Conservative party and Leave camp have called for. As we have seen, the crucial component for the UK after Brexit is to be judged as offering an adequate level of protection by the European Commission.

A hard Brexit with no deal means no assessment of adequacy. Furthermore, the UK cannot apply to the European Commission for an assessment of adequacy, that determination can only be given by the Commission itself. If the negotiations turned sour and both parties decided to walk away with no deal, perhaps due to the estimated €60bn leaving bill, there might not be much goodwill left to speed up a UK adequacy determination for GDPR.
Continue reading

Will Brexit Affect the Fourth Money Laundering Directive?

Probably not. Here are four reasons why.

The problemBrexit Money Laundering Terrorist Financing

In the immediate wake of Brexit, there was considerable confusion surrounding the details and ramifications of the UK leaving the European Union. That confusion is unlikely to dissipate any time soon. Regulatory uncertainty will be a reality until the ink has dried on a separation agreement.

Money laundering laws under Brexit are particularly flummoxing. The EU’s Fourth Anti-Money Laundering Directive came into force in June 2015. It requires European member states to update their respective money laundering laws and “transpose” the new requirements into local law by 26 June 2017.

This timetable for transposition, aligning UK and EU law, clashes head on with the timetable for Brexit. Continue reading

Notwithstanding the fear and uncertainty — Brexit will not affect data protection laws

Brexit will not affect data protection laws

There has been a lot of confusion and fear mongering around the implications of Brexit to data protection law.

However, despite the current media frenzy, nothing will actually change in the short term. The Data Protection Act 1998 is an Act of UK Parliament and remains the law of the land regardless of the UK’s EU status. The ICO made this point clear when it released a prompt statement on 24 June:

“The Data Protection Act remains the law of the land irrespective of the referendum result.”

In other words, for at least the next two years there will effectively be no changes to data protection laws.

Brexit and GDPR

As we have reported, the European Union will likely sign General Data Protection Regulation (GDPR) into law in 2016. The regulation represents the most significant global development in data protection law since the EU Data Protection Directive in 1995 and, due to the sweeping changes, firms are already investing serious resources in preparation for GDPR.

The crux is that a “regulation”, unlike a “directive”, is applicable in all EU member states without the need for national legislation. The expected enforcement date is spring 2018, right around the expected official Brexit date. With the UK leaving the EU, technically GDPR no longer applies and the UK is not currently working on a similar update to its data protection laws.

Therefore, the question on everybody’s mind is: will UK companies need to adhere to GDPR after Britain exits the union?

The likely answer is yes. GDPR, or some form of it, will be binding for UK companies regardless of Brexit, and companies should continue preparing for the regulations. There are two main reasons for this.

1. GDPR applies to non-EU companies

The regulation states that it applies to any non-EU companies that process the data of EU residents. This is true even if a company has no physical presence in the EU. Therefore, for most UK companies, the cost of doing business with Europe will be adhering to GDPR.

2. The ICO intends to introduce ‘adequacy’

According to the ICO statement from 24 June 2016:

“If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK. But if the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.”

The ICO is signalling that it will push the UK legislature to implement laws that are similar to GDPR in order to facilitate cross-border commerce.

The danger here is that the ICO might have to negotiate a ‘Model Clause’ contract that companies can use to facilitate and regulate transfer of data between EU and non-EU countries. This process has been fraught with issues in US-EU relations, with the European Court of Justice overturning the Safe Harbour treaty in October and officials scrambling to negotiate the new EU-US Privacy Shield.

Alternatively, Parliament will implement data protection laws that are identical or similar enough to the GDPR. In that scenario the UK and EU could come to an understanding that data can flow securely and freely across borders without the need for companies to have Model Clauses.

Next steps

In spite of Brexit, companies should continue preparing for GDPR as if Remain won the referendum. If you are responsible for implementing compliance with GDPR and you do not know where to start, the ICO has published a guide with 12 steps to take right now in order to prepare for the GDPR.