How to avoid data breach pitfalls in the event of a no deal Brexit by Hayes Connor Solicitors

Hayes Connor SolicitorsBy Legal Futures’ Associate Hayes Connor Solicitors

Many businesses will be in limbo with Brexit just weeks away and a no deal exit from the European Union a current reality.

The Information Commissioner’s Office (ICO) has published guidance for UK businesses who operate in Europe or send and receive data from the European Economic Area (EEA) in the event of the UK exiting without a deal.

Kingsley Hayes, managing director at data breach and cyber security specialist Hayes Connor Solicitors, said: “Brexit is a minefield and businesses will have to be agile in the coming weeks, months and years to stay on the right side of the ICO. Its guidance will evolve as Brexit unfolds and it is key that organisations keep up-to-date with the changes that apply to their business.

“Many current privacy and data protection regulations will remain the same on the whole, however, there are some changes that businesses should be aware of and will need to implement if a Brexit deal is not agreed.”

Just as many organisations are getting to grips with the General Data Protection Regulation (GDPR) – an EU regulation – GDPR will no longer be law after the UK leaves. At the time of writing, the government intends to write the regulation into UK law however, some current aspects of GDPR will no longer apply to the UK.

The independent regulator has advised that there will be no change to The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) if the UK leaves with no deal. This applies to businesses who market their products and services by phone, email, text or fax; organisations who use cookies or similar technology, and those who compile a telephone directory.

There will be no change to the Network and Information Systems Regulations 2018 (NIS) for UK businesses who offer digital services such as search engines, cloud computing and online marketplaces within the UK only.

For those currently delivering their digital services to EU member states, a representative may need to be appointed in one of the EU states within which it operates in order to maintain access to European markets. They must also comply with the NIS Directive in that country.

Another EU regulation that will be incorporated into UK law following a no deal Brexit is the eIDAS Regulations which applies to organisations offering trust services such as electronic signatures, seals, time stamps and registered delivery services.

Some changes will be made however, to ensure that it still applies to the UK. Businesses offering their products and services to EU states may also need to comply with EU eIDAS which will no longer be regulated in the UK.

Kingsley Hayes continued: “As we enter a new era, the majority of businesses will need to look at several different aspects of how they operate and continue to deliver their products and services while avoiding data breach pitfalls and other Brexit challenges.”

Hayes Connor Solicitors is currently running a #notjusthackers campaign to raise awareness of avoidable data breaches.

For more information on how your business can avoid falling foul of the ICO, visit the Hayes Connor website at

Associate News is provided by Legal Futures Associates.
Find out about becoming an Associate


Loading animation