FR-circle SUBSCRIBE
FR-circle SUBSCRIBE

Finance firms risk data rule breaches in no-deal Brexit

Financial services firms need to be aware of rule changes in the event of a no-deal Brexit which could cause data breaches and lead to hefty fines, EY has warned.

Related topics:  Regulation
Rozi Jones
6th March 2019
fine ban warning red card
"UK financial services firms spent large amounts to get ready for GDPR but they must again ensure that their data systems are ready for a possible no-deal Brexit. "

The UK Government says it intends to enact statutory instruments in the event of a no-deal to ensure a legal status quo for data transferring outside of the UK.

However the European Commission has said it would not provide immediate data adequacy for the UK in the event of a no-deal.

A no-deal Brexit would therefore mean personal data cannot be sent from the EU to the UK unless firms have taken specific mitigating action.

The penalties for breaching the rules are high, with firms facing fines of 4% of turnover or €20 million, whichever is higher.

The Bank of England’s Financial Policy Committee warned in its February 2019 meeting that the lack of data adequacy could “restrict EU households and businesses from continuing to access UK financial service providers.”

It is unclear how long it would take the UK to gain data adequacy from the EU if there was a no-deal Brexit. If there is an agreed deal then transfers would not be restricted through the proposed transition period to the end of 2020.

EY’s own polling, from February 2019, found almost a quarter (24%) of financial services firms see the issue of data transfers as one of their top three worries around Brexit.

Steve Holt, UK and EMEIA financial services partner at EY, commented: “UK financial services firms spent large amounts to get ready for GDPR but they must again ensure that their data systems are ready for a possible no-deal Brexit. With fines of 4% of turnover as well as the reputational damage of any misstep, it should be a key priority. Many firms have already addressed this, but time is running out for those yet to have taken the necessary steps.

“Firms also need to be aware of risks from their clients and suppliers as individual firms are still responsible for their customer data with third parties. There may also be a need to update privacy notices, as these often require explicit consent if data is transferred outside of the EU.”

 

More like this
Latest from Property Reporter
Latest from Protection Reporter
www.barcadiamedia.co.uk
Advice for Readers

While this website is checked for accuracy, Barcadia Media Limited are not liable for any incorrect information included. We recommend that you make enquiries based on your own circumstances.

Useful Links
Financial Reporter and financialreporter.co.uk are trading styles of Barcadia Media Limited. Barcadia Media Limited is registered in England & Wales No. 6970806 Registered address.
Barcadia Media Ltd, 14 Edward Street, Blackpool, Lancashire , FY1 1BA. Data Protection Notification No: Z162 1548.
CLOSE
Subscribe
to our newsletter

Join a community of over 30,000 intermediaries and keep up-to-date with industry news and upcoming events via our newsletter.