Natalia Drozdiak (Bloomberg) -- The U.K.’s new deal for leaving the European Union hasn’t given companies any certainty about how they should handle the movement of personal data out of the bloc and into Britain.
The country has until at least the end of next year to clinch an agreement with Europe that will allow organizations to freely move data about customers to and from the EU without breaching data protection rules, according to the agreement released on Thursday. Violating the EU’s General Data Protection Regulation policy can lead to fines of as much as 4% of annual sales.
A so-called adequacy decision would add the U.K. to a list of countries whose data laws are accepted as in harmony with Europe’s. But while the U.K. currently adheres to the bloc’s laws, it isn’t a shoe-in. Its data-collection practices for national security purposes are likely to come under heavy scrutiny during a review process that may take years, lawyers have said.
Still, companies will be able to continue transferring data using backup legal mechanisms such as implementing clauses in contracts or putting in binding corporate rules that make the individual businesses compliant with EU rules, though these can be costly and cumbersome, particularly for smaller businesses.