How Brexit Affects Businesses and the GDPR


Brexit — the United Kingdom’s decision to withdraw from the European Union — has a substantial impact on businesses, including the ways in which they collect, store, and share customer data. Some business owners might assume that Brexit frees them from the European General Data Protection Regulation (GDPR), but that’s not entirely true.

Many UK Companies Do Business With Customers From EU Countries

The GDPR won’t impact UK companies that operate exclusively within the United Kingdom, but if your business works with customers in EU countries, you’re required to follow GDPR regulations once they take effect in 2018. This is why businesses in the UK should still familiarize themselves with the GDPR and its potential impact on their organizations.

While the GDPR features several parts, its core focus is on customer rights and freedoms. Specifically, the GDPR allows customers to do the following, among other things:

  • Exercise the “right to be forgotten,” which means that they can request data erasure if they don’t want your company to store or share their personal data
  • Have their data ported to new service providers upon request
  • Opt in to programs that allow their personal data to be shared with third parties
  • Receive information about data breaches that impact their rights or freedoms
  • Request full disclosure of the data collected by companies and organizations

If your company works with B2B or B2C customers in the EU, you must follow the GDPR to avoid hefty fines. The GDPR will allow authorities to impose fines of up to the greater of €10m or 2 percent of annual turnover. Such fines could easily cripple a company — especially a startup or a business with unstable cash flow.

Customers Will Begin to Expect Increased Data Transparency

The GDPR focuses intently on data transparency. Authorities at the Information Commissioner’s Office want customers to know exactly how organizations collect and use their personal data, and as citizens adjust to those changes, they might begin to expect UK companies to follow suit. Failing to offer data transparency might harm businesses’ reputations and reduce customer loyalty.

Some of the precautions that UK companies might want to implement include the following:

  • Allowing customers to give informed consent to data collection and usage
  • Notifying all affected customers of a data breach
  • Permitting customers to request and receive data erasure
  • Providing access to collected data without administrative fees

Keep in mind that the GDPR can apply even if you don’t accept money from EU customers. The regulations apply to organizations that collect data on EU citizens. For instance, if you build a free mobile app that EU citizens use, and you collect data based on how they use your app, you must still comply with the GDPR.

Brexit doesn’t exempt UK companies from the GDPR. If you run a business in the UK, you still need to know your obligations with regard to data security and transparency. Even if you don’t collect information about EU citizens, following the GDPR codes could improve your brand image and increase customer loyalty.
