Britain and the European Union in 2021: Getting to grips with GDPR and global relations

Since Britain left the European Union on 31st January 2021, many businesses have been getting to grips with what this means for them.

From supply chain complications and staff shortages to confusion around GDPR and new data privacy laws, almost all aspects of businesses have been impacted by Brexit.

To mark the six month anniversary, Techerati has spoken to four technology business leaders to determine the impact that Brexit has had on their business.

What Brexit has meant for businesses

 Whilst it’s still very early days for Brexit, which has been masked by the COVID-19 pandemic since February 2020, “we are starting to notice the first signs now: late deliveries caused by a lack of lorry drivers, basic essentials such as wood running short because of import difficulties, or restaurants and construction sites that can’t open because staff have vanished back to the EU during the pandemic – some of them no doubt on paid furlough,” explains Martin Taylor, Deputy CEO and Co-Founder at Content Guru.

“Brexit specifically changes to the UK’s immigration system, have heralded a new era for the UK and talent management. Over the last six months, companies have struggled with staff shortages as restrictions on overseas hiring have come into force. Indeed, recent research found that over half (55%) of technology professionals believe that Brexit will negatively affect the industry by widening the skills gaps that are already prevalent,” agrees Ian Rawlings, Regional Vice President at SumTotal Systems.

“As organisations navigate shrinking talent pools, never has it been so important to build – and retain – skilled employees. Succession planning is key in future-proofing the workforce: identifying and developing future leaders, not just at the top but for major roles at all levels. By investing in skills development, it is possible to generate all the talent an organisation needs. Indeed, as Brexit continues to impact the ever-growing skills gap, investing in talent is no longer a ‘nice to have’, the future of business depends on it.”

The Brexit deal has also forced businesses to move some of their centres and investments in order to continue global operations.

“Until a few years ago, all of our data centres used to be in the UK. We have now added several more data centres in the EU, North America and Asia. We chose some of these new locations because of Brexit, whilst others formed part of our planned global rollout,” explains Taylor.

“We have continued to expand our UK cloud technology platform, facilities and headcount, but Brexit has meant more of our investment has shifted to the EU. Initially, due to lack of clarity around plans for EU-UK data sovereignty, and later to accommodate customer preferences post-Brexit, we’ve had to move all of our EU data processing to within the Single Market. Before Brexit, providing services for any of our European markets from Britain wasn’t a problem, with the exception of the ultra-conservative Germans, who won’t accept any data processing taking place outside their national borders.”

 What’s next for GDPR?

 The introduction of GDPR in 2018 had businesses scrambling to ensure that they were data compliant. As an EU regulation, Brexit has left the status of data compliance uncertain.

 “The key question this decision poses for UK firms is… are we no longer required to adhere to GDPR? Yes, and no. The UK’s national data protection laws have been deemed as “essentially adequate” to the terms of the GDPR, despite no longer being subject to these terms. The good news is, UK companies do not have to change how they are currently storing and protecting their data, as GDPR is retained in domestic law in the UK sitting alongside an amended version of the Data Protection Act of 2018,” explains Filipe Lousa, Director of Privacy and Compliance at Globalization Partners.

However, the recent TIGRR (Taskforce on Innovation, Growth and Regulatory Reform) report has detailed its recommendations to the Prime Minister on how the UK can reshape its approach to data regulation and seize new opportunities from Brexit. Included in the report are calls from the Government for reforms on stronger rights and powers to consumers and citizens to place proper responsibility on companies using data.

“If applied correctly, reforms could be a huge improvement on what we have today and an opportunity for the UK to forge its own path when the sunset clause is up on our adequacy status from the European Commission. The terms simple, agile and proportionate are used positively, but I don’t think the value of consumer data should be used as a way to attract business or indeed as a saleable asset,” explains Michael Queenan, Co-Founder and CEO of Nephos.

“The TIGRR report refers to using common law which, personally, I think is the wrong way to look at it. We need a fit for purpose UK Data Privacy Law directing how certain types of data should be classified, stored and processed. It should then state what companies are allowed to use consumer data for without the consumer’s individual consent, rather than a generic opt-in process. If you take cookies, for example, most people just click accept when they come so they can get onto a particular website – not many people read the T&Cs.”

“It is a bold statement for the UK to want to adopt a fully independent data policy, and the European Commission’s recognition of the UK’s high data protection standards will enable us to focus on the power of data to drive innovation and boost the economy. For companies operating in and with the UK, there will be no additional barriers or hoops to jump through when it comes to data flow, plus the added peace of mind for a continued high level of protection for personal data. The UK’s plan to give stronger rights and powers to its citizens and companies using data looks to be well underway,” furthers Lousa.

“It is time to start applying approaches to data governance that are suited to the way data is being used now and putting data owners consent at its core for publicly used data. We should all be responsible for our own data, not the companies that have access to it,” concludes Queenan.