The ongoing data disruption of Brexit

Michael Schrezenmaier, Interim co-CEO & COO, Pipedrive, looks at the role of CRM to tackle the ongoing data disruption of Brexit

The Brexit process was – mostly – completed at the end of 2020, however, there is still an extremely thin trade agreement when it comes to the holding and sharing of personal data – among other areas.

The positive news is that some of the teething around holding personal data outside the UK and transferring it between the UK and the EU after the end of the Brexit transition period and the Schrems II court ruling has started to resolve.

However, after the US and China, the UK has the highest amount of cross border data flow, 75% of which comes from the EU. With a data adequacy agreement still to be completed (a draft form was proposed in February 2021) it is crucial that businesses on either side of the Channel have the structures in place to ensure investment still flows and firms can still operate in the new era we find ourselves in.

Brexit, GDPR and data protection

The EU General Data Protection Regulation (GDPR) is an EU regulation and therefore no longer applies to the UK. If you operate within the UK, you must comply with UK data protection law.

Fortunately, the EU recently ruled that the UK has an adequate or deemed “substantially equivalent level of security” compared to the EU GDPR, allowing the continued exchange of personal data between the EU and the UK. This decision is valid for four years, after which the adequacy determination may be reassessed. If the UK’s security level is not found adequate or substantially equivalent in the future, it will be subject to additional rules and regulations to continue the free exchange of personal data.

Monitoring of data protection and personal data regulations will be particularly important for EU companies that wish to continue to work with data centers located in the UK. UK businesses working with EU businesses must of course still comply with the existing EU regulations that were previously in force.

Ensure seamless business – use your CRM

There are three key areas for business and technology leaders to look at if they want to navigate their companies through these changed circumstances.

1. Being prepared to expand into new markets

On a practical level, expanding successfully into new markets requires your company to be highly attuned to your new prospects’ preferences, which may differ from those of domestic customers. Well-performing CRM software can bridge this gap and give the insights needed to accurately profile your customers and pinpoint where you need to make changes to products or processes to better meet market needs.

Make sure you coordinate with your trading partners to agree on your roles and responsibilities; to prepare paperwork for trade goods; to obtain licences for importing or exporting specific goods such as waste, hazardous materials, chemicals, etc.

2. Smart business analytics

The consideration of which data sources your CRM draws together. This will help bridge the divide between marketing, sales, product delivery and customer service, which will be crucial in ensuring there is still a 360 degree customer view.

It’s worth ensuring that your various business solutions integrate so you can seamlessly find out all you need to know. When it comes to staffing, for example, service providers and EU individuals operating in the UK must demonstrate compliance with UK regulations. This is especially important for regulated professions or individuals who require certifications to operate.

Although many rules and regulations came into effect on January 1, 2021, many more are being additionally evaluated or enforced with ‘soft’ implementation. Decisions are also pending in the areas of data exchange and financial services. Although the UK and the EU have agreed on some consistent rules for now, they do not have to remain consistent in the future. If one side is unhappy with the new rules, it could trigger a dispute that requires further negotiations or lead to tariffs (levies on imports) being imposed on certain goods and services in the future.

3. Data regulation

As a company begins to work with new (or altered) markets and different ways of working, it is imperative to be well-prepared from the data governance perspective. This means having agile, transparent and secure data management capabilities up to speed, so there can be quick transitions to satisfy any changing needs of regulators, clients or trading partners, wherever they may be, and whatever regulations apply.

The EU General Data Protection Regulation (GDPR) is an EU regulation and therefore no longer applies to the UK. If you operate within the UK, you must comply with UK data protection law.

Because the GDPR has been incorporated into UK data protection law as the UK GDPR, the core data protection principles, rights, and obligations of the UK GDPR have changed little compared to the EU GDPR. However, the UK GDPR may change or evolve in the future. If the UK’s security level is not found adequate or substantially equivalent, it will be subject to additional rules and regulations to continue the free exchange of personal data.

The road ahead

Given the formerly close relationship between the UK and the EU this process of separation will involve immense effort from legislators down to business people for some time to come. As a result, we will feel the effects of Brexit for years as questions are answered and edge cases are solved.

It will be good practice to keep a close eye on Brexit developments and industry-specific changes. As they arise, go back to basics and check how they affect your business, people, commerce, shipping, finances, and technology. And where you need to, ensure that technology can automate information finding and analysing/scheduling – make business life as simple as possible in changing times.