What does Brexit mean to data processing?

The British decided! On June 23, 2016, the people of the United Kingdom voted to withdraw from the European Union.

Now what does this mean?

Shared service centers, which should operate on a transatlantic level, are often located in the United Kingdom or Ireland. Here, the language is not a barrier, but a link between the old and new world.

If you look closely at the UK, it is obvious that the financial industry is of utmost importance to the country, and this industry processes a large amount of personal data. When Great Britain withdraws from the EU, and thus also from the EU General Data Protection Regulation, questions arise regarding the processing of this data.

From now until the completion of Brexit, companies will not face a gap in compliance for data transfers. However, things will get interesting when the EU Commission determines the appropriate level of data protection for Great Britain. The EU Commission makes this decision for every country outside of the EU/the EAW (the third countries).

European companies will likely regard Great Britain with suspicion as a member of The Five Eyes countries, and pass on the uncertainty regarding the level of data protection. (This could have implications for the retail industry.)

The bottom line is that large parts of the banking world may turn their backs on the island. And should the IT functions of companies process the personal data of EU citizens, those companies would be well advised to move their processing capacities to Central Europe.

The costs for European customers will increase, and the financial industry — Great Britain’s prospering industry — could experience job losses as well as a deterioration of the economic situation.

Jörg Asma is Head of Cybersecurity in Central & Eastern Europe. With more than 15 years of experience he supports governmental and international organizations develop more skills and deeper knowledge on Security and Resilience issues, as well as security strategies. Additionally he is widely recognized as a speaker for domestic and international events, talking about recent and upcoming security challenges connecting business and IT. Advising clients, deep diving into their challenges and finding excellent solutions together with his international team drives his daily business and his absolute passion.


  1. Not only that but many of our data processing must be done in the EU for Data Protection rules… if we’re no longer a part of the EU then this may change forcing costs up!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: