Trade after Brexit: a guide to maintaining data security and compliance

ISO-accredited Transalis sets out help for companies 

Many of our clients do business in the EU, managing sales, marketing and supply chain activities that cross international boundaries. 

Manufacturers, retailers and logistics firms are among those with directly employed workforces in Europe, wholesale and dropship contracts as part of distribution networks, and responsibilities to observe regulatory compliance when trading. 

Deal or no deal, these companies and organisations will naturally want to stay legal on the use of data from day one of whatever Brexit scenario plays out. 

While there continues to be a lack of clarity around Brexit, there are some key data issues that could pose risks without adequate preparation.   

This short guide is intended to summarise the steps to take to mitigate the risks. 

Ensure your data management partner is ‘Brexit-proof’

To start with, the good news is that whether you are based in the UK or another EU country, your post-Brexit transactions involving Transalis solutions will be legal, secure and reliable. We know this because we operate a comprehensive system of data security and risk management controls that underpin our hugely successful cloud platform for automating transactions worldwide. 

You don’t have to take our word for it. We have formal international certification to prove it. The International Standards Organisation, ISO, has recognised the strengths of our data security policies with the much-coveted ISO 27001 accreditation. 

This completely independent endorsement demonstrates our best-in-breed capability for clients and industry partners who need a secure, fully managed supply chain solution. We have ensured that our ISO-governed processes will apply to all Brexit scenarios and enable our clients to continue to trade in both the UK and EU should they so wish.

Make sure you are already GDPR-compliant 

The main legal requirement relating to data protection and privacy remains the General Data Protection Regulation (GDPR). Whatever the Brexit scenario, GDPR will continue to apply to the UK as it does now so it is essential to be compliant with it.   

Consider the possible Brexit outcomes and risks 

Under GDPR, data can of course flow freely across the EU as long as companies conform to the rules. Since GDPR is incorporated wholesale into UK law, there would be no change at all if we avoid Brexit or if we leave with a deal that covers this. 

If the UK leaves the EU without a deal, the UK government has still said it will allow personal data to flow from the UK to the rest of the EU. This is obviously helpful if you are a business here with data centres in another EU country or if you transfer a lot of personal data, or you provide digital services for customers in the EU. However, it’s not clear as yet whether or not the EU will allow data to go from its countries to the UK in the same way, so firms have been advised by the government to ‘update contracts’. 

If we leave with no deal we can assume that the EU will have to treat us as an external country and then there will need to be an ‘adequacy ruling’ by the European Commission to confirm that our data protection standards are up to scratch. This, like so much else with Brexit, is unchartered territory and it is not necessarily something that would be sorted out in a hurry. It all points to the likelihood that transferring personal data out of the EU to the UK under the rules of GDPR will be more tricky because it will need a legal basis for doing so which won’t be there in the case of no-deal.

Therefore, if you are a UK business or organisation with an office, branch or other established presence in the EU (and for that matter the wider European Economic Area, so including Norway, Iceland and Liechtenstein), or if you have customers in the EU or EEA, it’s sensible advice that you should prepare for the eventuality that you will need to comply with both UK and EU/EEA data protection regulations and you may need to designate a representative in the EU/EEA to demonstrate compliance there. As your ISO-accredited data service supplier, Transalis has already considered what needs to be done for cross-border data transfers and made sure that our solution will guarantee compliance.  

What you need to do, and how we will help     

In a no deal scenario, and pending clarity from the European Commission, companies will need to put adequate safeguards in place to protect data transfers. Safeguards could include ‘binding corporate rules’ and ‘standard contractual clauses’. You may also need to consider the impact of a new ePrivacy Regulation, due to come into force in the EU. You may even have to appoint a representative in the EU if you sell or market goods and services to individuals in the EEA. 

In any event, we will help you audit your use of data to understand the transfers that take place in your business and with partners, and in your trading arrangements between the UK and EU/EEA. We will then discuss with you the most suitable data safeguards to put in place, how they would work in practice and how business impacts can be managed. 

About Transalis

We help clients drive business growth by connecting supply chains digitally. Our global platform enables businesses to trade with anyone, anywhere using cloud-managed services. Based in the UK, we currently facilitate the exchange of millions of documents a year, underpinning billions of pounds’ worth of stock orders and invoices across 32 countries in and beyond the EU. We service a community of more than 10,000 organisations in sectors such as retail, manufacturing, distribution, logistics, health and beauty, and FMCG. 

To discuss how we can help you navigate Brexit and develop a plan to cover legislative and policy changes affecting data handling and security, contact us on 0845 123 3476 or visit transalis.com.