The clock won’t be turned back on reform of data protection laws, warns legal, risk and governance experts following UK’s decision to leave EU
Speaking before an audience of over 200 senior managers from across the financial services sector, experts from leading international law firm Simmons & Simmons and Henley Business School agreed that reform of the Data Protection Act 1998 is still on the cards following the UK’s historic vote to leave the EU, although they stopped short of predicting the DPA 1998 would be scrapped altogether.
Alexander Brown, partner at Simmons & Simmons and head of the firm’s TMT sector group commented: “While there was stiff opposition to many measures contained in the EU General Data Protection Regulation during the negotiations with the UK Government, it’s highly unlikely that the Data Protection Act 1998 will remain in place without some form of reform. In any event, it will be difficult to avoid the implications of the GDPR for many FS clients that conduct business across the EU and therefore will need to comply with it.”
”The really interesting question – as yet to be decided – is whether the European Commission will recognise the UK as an ‘adequate country’ for the purposes of cross-border personal data transfers or whether the UK could suffer the same fate as the US where transfers of data have been made more problematic through the scrapping of the US Safe Harbor” adds Brown.
According to the experts, the most likely outcome is that the EU will make a determination in favour of the UK as an ‘adequate country’ given its been at the forefront of providing legal protection for consumers with respect to personal data for over three decades. The UK was one of the first countries in the world to empower its Data Protection Authority to impose fines for personal data breaches.
There are also other significant business continuity challenges ahead for the financial services sector, warns Bryan Foss visiting lecturer at Henley Business School.
“Since the stock market blip in 2008, FS firms have seen record fines and profit impairments as a direct result of poor identification of operational risks. Lack of training and preparing for personal data breaches is a significant internal training issue that many companies are still failing to implement and this is now key to effective risk and governance management where the personal data of millions of customers across the EU is being processed,” Foss says.
A new DPO Programme for the FS sector has been launched by Henley Business School and a sneak preview is available here.
Although competition law is unlikely to change fundamentally as the UK negotiates its exit over the next two years, the future interpretation, amendment or replacement of UK competition law will add further uncertainty for the FS sector over the medium-long term.