Businesses in the UK could be hit with up to £1.6 billion ($2.14 billion) worth of extra costs just to make sure that data can continue to flow legally with the European Union from the start of 2021, unless a deal is achieved on the issue in time for the Brexit deadline.
A new report[1] from the New Economics Foundation, together with University College London's (UCL) Europe Institute, found that between legal expenses and new compliance mechanisms, businesses could end up facing large bills to comply with European data protection law in a no-deal scenario.
The researchers estimated that compliance costs will range from an average £3,000 ($4,000) for a micro business to almost £163,000 ($218,000) for a large company. Inevitably, smaller firms with no legal departments and fewer financial resources will be less prepared for, and therefore harder hit by, the new requirements.
As the UK exits the EU on 1st January 2021, so will the country leave the bloc's common set of data protection rules known as the General Data Protection Regulation (GDPR[2]). The GDPR enables the personal data of EU citizens to travel freely across borders since information is processed in countries that all adhere to the same regulation. As soon as the UK leaves the EU, it will also cease to be part of the GDPR-covered zone – and other mechanisms will be necessary to allow data to move between the two zones.
The UK government, for its part, has already green-lighted the free flow of digital information from the UK to the EU, and has made it clear that it hopes the EU will return the favor. This would be called an adequacy agreement – a recognition that UK laws can adequately protect the personal data of