A third (32%) of businesses have moved part of their operations to Europe after considering how Brexit could affect data privacy regulations, with another third (35%) refocusing their client base to the UK, according to new research from business process outsourcer Parseq.

Parseq asked decision makers in businesses with 250 employees or more if they’d considered how Brexit could impact the data privacy laws that apply to them to mark a year since the General Data Protection Regulation (GDPR) came into force.

Nine in ten businesses have taken proactive steps

The research found nine in ten businesses (89%) had considered how privacy rules could be affected and have taken proactive steps to prepare ahead of the UK’s departure from the EU.

A third of businesses (35%) said they’d refocused their client base to the UK another third said they’d transferred a proportion of their operations to Europe (32%).

More than a third (37%) of firms also said they have audited data flows to and from the EU ahead of Brexit and over two fifths (42%) have sought advice from the Information Commissioner’s Office.

Craig Naylor-Smith, managing director, Parseq, said: “UK businesses are currently operating on shifting sands. Whether or not data privacy regulations will change after we leave the European Union is, at this stage, unclear.

“The Data Protection Act (2018) transposed the GDPR into UK law, but if the rules in Europe diverge once we leave the EU it could make transferring personal data to and from the continent more difficult – a vital consideration for businesses in our increasingly connected, digital world.

“With this in mind, it’s encouraging to see so many firms take proactive steps to prepare for the prospect of regulatory changes. However, with an even proportion of firms increasing their European presence and refocusing their position to the UK, it’s clear the best course of action will depend on individual strategies.

“Businesses that haven’t considered how Brexit could impact the data privacy regulations that apply to them should be doing so as a matter of urgency.”

Data privacy tops business investment priorities

Parseq’s research also discovered compliance with data privacy regulations has become a more pressing investment priority for businesses in the year since the GDPR came into effect.

For the 12 months following the regulations’ May 2018 enforcement deadline, compliance with data privacy regulations was cited as a top investment priority by a third (35%) of businesses, ahead of productivity improvements (32%), developing staff skills (31%) and new technology (30%).

In the year before GDPR came into force, compliance with data privacy regulations was flagged by less than a third of businesses (32%) and was a less pressing investment priority than productivity improvements (36%), new technology (30%) and developing staff skills (30%).

Craig Naylor-Smith added: “The GDPR could be part of the reason firms are keen to stay on the front foot when it comes to data privacy. A year since the regulations came into force, more businesses appreciate the implications of non-compliance and want to stay ahead of the game to minimise the risk of potentially significant financial penalties.

“Digitising documentation that contains customer and employee data is one way businesses can ensure they’re able to manage and take advantage of data effectively. At Parseq we offer our clients solutions that make use of technologies such as Robotics Process Automation (RPA) and optical character recognition to build digital, searchable, archives of paper documents.

“This helps businesses quickly and securely access important information as and when they need it – whether its for compliance purposes or to help businesses use data to deliver the more personalised, data driven products and services their customers have come to expect.”

 

Originally published in Info Security Magazine