Magazine Issues » November 2018

LEGAL EASE: Brexit and the GDPR

Richard_ThomasEven though the UK has now implemented the General Data Protection Regulation (GDPR), it’ll need to agree new arrangements with the EU post-Brexit.

Last August, before the regulation came into force, the government published a ‘future partnership paper’, covering the exchange and protection of personal data between the UK and the EU, post-Brexit.

The paper confirmed that the UK would implement the EU’s new data protection framework into UK domestic law which, as we’re all aware, it’s now done. But even though the UK’s data protection laws are now in line with the EU’s, it’ll still need to agree new arrangements governing the flow of data between it and EU countries.

The UK will need to reach this type of agreement with the EU before Brexit happens, to make sure that the rules for exchanging and protecting personal data are clear – offering vital stability for businesses, public authorities and individuals. A formal agreement would also allow the UK regulator (the Information Commissioners Office) to maintain effective regulatory compliance with other EU information regulators.

But the current political uncertainty – and the talk of a ‘no deal’ Brexit being a very real possibility – threatens the likelihood of this type of agreement being made. If the UK leaves the EU without any formal withdrawal agreement, the free flow of data between it and the EU could be suspended. If this happens, the consequences for businesses – as well as individuals – could be significant, particularly if they haven’t prepared properly in advance.

Businesses of all sizes need to prepare carefully and thoughtfully for this possibility. It’s a good idea to start putting contingency plans in place now, to make sure you can continue to exchange data with the EU even in the absence of any overarching agreement. By doing this, you’ll be able to minimise the risk of disruption to your day-to-day business activities – as well as your bottom line.

One way to safeguard against this is for you and your data receivers to enter into certain types of contracts that incorporate the standard data protection clauses that the EU Commission has adopted, which will remain valid and in force until amended, replaced or repealed in accordance with Article 46(5) of the GDPR. There are essentially three different Commission-approved types of standard contractual clauses covering (1) controller-to-processor transfers; (2) controller-to-controller transfers and (3) processor-to-processor transfers.

The key issue is to identify which category your data transfer falls into and to consider utilising the relevant contractual clauses in any final service-level agreement. One final point is that it is not yet clear as to whether the Commission intends to adopt new standard data protection clauses that reflect the GDPR’s more restrictive framework – but this is likely, so watch this space!

Time’s running out, with the UK due to leave next March. Contingency plans require careful thought and can take time to put in place. The GDPR doesn’t solve the issue of exchanging data with the EU, so you need to start thinking now about how you’ll continue to operate in the event of a no-deal Brexit.

Richard Thomas is a partner at Capital Law

©2018 funds europe

Thought leadership


This whitepaper outlines key challenges impeding the growth of private markets and explores how technological innovation, when bolstered by the operational experience and global reach of FMIs, can provide solutions to unlock access to private market funds for a growing investor base.


Transporting goods by sea is the lowest carbon way of transporting goods. That said, the shipping sector contribute 3% of global carbon emissions, so we need it to get to net zero. Breakthrough technologies have the power to reshape the industry and drastically reduce its environmental footprint.



We often hear about the challenges related to sustainability data - in particular, the lack of consistency, comparability, and completeness. Update your information puzzle with Essential Sustainability Intelligence.


Discover how investing in real assets with a multi-asset approach can help build resilient portfolios.


Executive Video Interviews

Why fund admin tech is a key competitive advantage

Cian Hyland, Strategic Client Relationship Director at Deep Pool Financial Solutions spoke to us about how technology enables efficient data management, reporting automation and secure data access.

Insights from State Street

Cuan Coulter, Global Head of Asset Managers and Head of UK and Ireland at State Street, discusses how fund managers decide between the two cross-border fund domiciles, namely Ireland and Luxembourg, and why asset managers find managing data so difficult.

Unlocking access to private markets

Vincent Clause, who heads the global funds strategy at Euroclear and David Genn, CEO of Goji, sit down with Funds Europe to explain how technological innovation, bolstered by operational experience and global reach, can provide solutions that unlock access to private markets.

Sustainable investing in the DC world

Claire Felgate, a specialist in UK defined contribution pension schemes at asset manager BlackRock, talks with Funds Europe editor Nick Fitzpatrick about how - and the pace at which - DC pension schemes are adapting to the requirements of sustainable investment.



Join our webinar for a deep dive into the findings of the fresh-off-the-press EU Taxonomy 2023 Insights Report, based on Clarity AI's best-in-class coverage of EU Taxonomy reported data and CDP industry-leading environmental datasets. 

In this webinar, we discuss tools for optimising fund data management and distribution, the role of global fund classifications and ratings, and how technology and automation enhance data integrity and insights.