Category Archives: Brexit

VinciWorks updates several courses in light of Brexit

GDPR training screenshot
GDPR: Privacy at Work is one of the seven courses we have updated in light of Brexit

On 31 January 2020, the UK’s membership in the EU ended, and Britain entered a transitional period that will last until 31 December 2020. To prepare for the change, there was a flurry of Brexit-related legislation passed. One central piece of legislation with a wide-ranging impact that changed is GDPR, which has been replaced in UK law with the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019. The impact of Brexit on each business will depend on its type and the locations in which they collect and process data, but there is sure to be some level of impact for everyone.

On-demand webinar: Is GDPR over? What Brexit means for UK data protection law

A number of our courses required minor amendments following the UK’s departure from the EU on 31 January 2020. Mainly, these changes affected our suite of data protection training, which now includes an opening paragraph making it clear that mentions of GDPR in the course refer to both the EU GDPR rules as well as UK GDPR rules, unless otherwise stated.

Continue reading

What Brexit means for UK data protection law


10 things you need to know about Brexit and GDPR

What’s happening on Friday 31 January 2020?

From Friday 31 January 2020, European rules and regulations stopped having effect in the UK by virtue of the fact that the UK’s membership in the EU will end. Britain has now entered a transitional period which will last until 31 December 2020.

To prepare for this change, the government passed a flurry of Brexit-related legislation in recent years. The one relating to data protection is the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019.

How much of an impact will Brexit have on business?

While there is sure to be some level of impact for everyone, the impact of Brexit on each business will depend on the type of business and, most importantly, in which jurisdiction they collect and process data. Due to the Brexit transition period, the impact is unlikely to be immediate.

Continue reading

The elections are coming – Regulatory Agenda for the 2019 UK elections

Image showing someone voting in the UK general elections
The UK goes to the polls in a critical election on 12 December 2019

To help businesses keep track of updates in UK legislation and policies, VinciWorks regularly publishes a short regulatory update. Since our last update in July, the Prime Minister was unable to fulfill his pledge to take the UK out of the EU by the end of October 2019. As a result, a general election was called for 12 December 2019.

This regulatory agenda is designed to provide an overview of regulatory changes or new regulations recently passed, proposed, or on the agenda which are relevant to key compliance areas of VinciWorks’ clients in the UK. In this election special, the regulatory agenda will focus on the compliance-related manifesto commitments of the main parties.

Parliament was dissolved on 6 November 2019, so there is currently no legislation in progress. However, government consultations remain in progress, as do EU level developments.

This special edition of the Regulatory agenda will cover the following:

  • Manifesto commitments from key parties
  • Upcoming legislation
  • Current open consultations
  • Closed consultations
  • EU developments

You can download this special edition of the regulatory agenda here.

VinciWorks’ Director for Legal Services shares 2019 compliance priorities for solicitors

Director for Legal Services Pip Johnson
Pip Johnson, Director For Legal Services at VinciWorks

In a recent article published by QBE insurance group on the risks that law firms should look out for in 2019, our Director for Legal Services Pip Johnson shared her insights together with other compliance experts.

Pip flagged the Fifth Money Laundering Directive, which must be implemented into national regulations by this time next year. While the Fifth Directive is not as extensive as the Fourth Directive that came into force in 2017, there are still some changes to take on by the beginning of 2020. These changes include the regulation of cryptocurrencies such as Bitcoin, with some firms already having been asked to accept cryptocurrency payments. The Fifth Directive will also see enhanced due diligence requirements. Of course, Pip also discussed the effect Brexit could have on UK lawyers, with the UK due to implement its own Sanctions regime.

Other key takeaways from the interview:

  • EU Council Directive 2018/822, (DAC 6), that came into force last June requiring intermediaries involved in cross border tax transactions to retain details of potentially tax advantageous matters
  • An expected increase of comlaints to the Information Commissioner’s Office (ICO) for GDPR breaches
  • The upcoming reformed SRA Handbook and the new Accounts Rules
  • How Brexit could effect the UK’s laws and regulations and how they apply to UK law firms

You can read the full report from QBE here.

What to expect after the election – post-election analysis

Polling station sign

The result of the 2017 general election has resulted in a hung parliament

What business needs to prepare for in a hung parliament

As the clock struck ten on election night, it was all over. Theresa May’s gamble had failed to pay out. The majority was lost. An unexpected swing to Labour across key and unexpected constituencies took place, offset by a strong swing against the SNP. A surge in young voters turning out and a complete collapse of the UKIP vote meant that the 42% won by the Conservatives and the 40% won by Labour no longer resulted in a landslide, but a hung parliament.

Before the election, VinciWorks published an outline of what to expect after the election from a Conservative or Labour government. Neither of those results has come to pass, so here’s what business could expect, and should prepare for, in this new reality.

A hard Brexit won’t happen

There simply isn’t a majority in Parliament for the hard Brexit that Mrs May was proposing. Cutting off British access to the customs union and single market as the Conservative party wanted looks likely to be set adrift. The Tory’s partners in Parliament, the Northern Irish Democratic Unionist Party, while themselves cheerleaders of Brexit, want a softer version and a frictionless border with the Republic of Ireland, and thus the EU.  
Continue reading

What to expect after the election

Number 10 Downing Street

What business needs to prepare for no matter who walks into Number 10

Theresa May called a general election expecting, we all assume, that she would have an easy ride back into 10 Downing Street. While she still enjoys a commanding lead over the Labour party, this has narrowed in recent weeks. The Tories are still odds-on favourite to win, although elections can often throw up surprises.

Now the manifestos of all the major parties have been published, we can glean some idea of what will be changing in the compliance landscape no matter who the Prime Minister will be after the election. Of course, should the election result in a hung parliament, manifesto pledges can be traded and bartered away, and promises made before an election can often be forgotten in the glow of victory.

Nevertheless, it’s always a good idea to consider the potential risks of an election outcome, and start to prepare accordingly.
Continue reading

How Brexit and Trump could cause a data protection headache

Donald Trump

The risks of a hard brexit

Regardless of what the UK does with GDPR after Brexit, the biggest threat to data protection is from an exit from the EU without any deal. This is the so-called hard Brexit and fallback to World Trade Organisation rules until a further agreement is reached, or not. It’s the kind of Brexit Theresa May and many inside the Conservative party and Leave camp have called for. As we have seen, the crucial component for the UK after Brexit is to be judged as offering an adequate level of protection by the European Commission.

A hard Brexit with no deal means no assessment of adequacy. Furthermore, the UK cannot apply to the European Commission for an assessment of adequacy, that determination can only be given by the Commission itself. If the negotiations turned sour and both parties decided to walk away with no deal, perhaps due to the estimated €60bn leaving bill, there might not be much goodwill left to speed up a UK adequacy determination for GDPR.
Continue reading

Will Brexit Affect the Fourth Money Laundering Directive?

Probably not. Here are four reasons why.

The problemBrexit Money Laundering Terrorist Financing

In the immediate wake of Brexit, there was considerable confusion surrounding the details and ramifications of the UK leaving the European Union. That confusion is unlikely to dissipate any time soon. Regulatory uncertainty will be a reality until the ink has dried on a separation agreement.

Money laundering laws under Brexit are particularly flummoxing. The EU’s Fourth Anti-Money Laundering Directive came into force in June 2015. It requires European member states to update their respective money laundering laws and “transpose” the new requirements into local law by 26 June 2017.

This timetable for transposition, aligning UK and EU law, clashes head on with the timetable for Brexit. Continue reading

Notwithstanding the fear and uncertainty — Brexit will not affect data protection laws

Brexit will not affect data protection laws

There has been a lot of confusion and fear mongering around the implications of Brexit to data protection law.

However, despite the current media frenzy, nothing will actually change in the short term. The Data Protection Act 1998 is an Act of UK Parliament and remains the law of the land regardless of the UK’s EU status. The ICO made this point clear when it released a prompt statement on 24 June:

“The Data Protection Act remains the law of the land irrespective of the referendum result.”

In other words, for at least the next two years there will effectively be no changes to data protection laws.

Brexit and GDPR

As we have reported, the European Union will likely sign General Data Protection Regulation (GDPR) into law in 2016. The regulation represents the most significant global development in data protection law since the EU Data Protection Directive in 1995 and, due to the sweeping changes, firms are already investing serious resources in preparation for GDPR.

The crux is that a “regulation”, unlike a “directive”, is applicable in all EU member states without the need for national legislation. The expected enforcement date is spring 2018, right around the expected official Brexit date. With the UK leaving the EU, technically GDPR no longer applies and the UK is not currently working on a similar update to its data protection laws.

Therefore, the question on everybody’s mind is: will UK companies need to adhere to GDPR after Britain exits the union?

The likely answer is yes. GDPR, or some form of it, will be binding for UK companies regardless of Brexit, and companies should continue preparing for the regulations. There are two main reasons for this.

1. GDPR applies to non-EU companies

The regulation states that it applies to any non-EU companies that process the data of EU residents. This is true even if a company has no physical presence in the EU. Therefore, for most UK companies, the cost of doing business with Europe will be adhering to GDPR.

2. The ICO intends to introduce ‘adequacy’

According to the ICO statement from 24 June 2016:

“If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK. But if the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.”

The ICO is signalling that it will push the UK legislature to implement laws that are similar to GDPR in order to facilitate cross-border commerce.

The danger here is that the ICO might have to negotiate a ‘Model Clause’ contract that companies can use to facilitate and regulate transfer of data between EU and non-EU countries. This process has been fraught with issues in US-EU relations, with the European Court of Justice overturning the Safe Harbour treaty in October and officials scrambling to negotiate the new EU-US Privacy Shield.

Alternatively, Parliament will implement data protection laws that are identical or similar enough to the GDPR. In that scenario the UK and EU could come to an understanding that data can flow securely and freely across borders without the need for companies to have Model Clauses.

Next steps

In spite of Brexit, companies should continue preparing for GDPR as if Remain won the referendum. If you are responsible for implementing compliance with GDPR and you do not know where to start, the ICO has published a guide with 12 steps to take right now in order to prepare for the GDPR.