Background
The UK left the European Union (EU) on 31 January 2020, but effectively continued to be treated as a member of the EU for a transition period of 11 months whilst it set out to negotiate the terms of its future relationship. The transition period ended at 11.00pm on 31 December 2020. By that time, agreement in principle had been reached in relation to Trade, Information Security and between the UK and Euratom in relation to Nuclear Arrangements. Some additional joint declarations of intention were also agreed (for example, of the intention of the European Commission to promptly launch the procedure for the adoption of an Adequacy Decision* in respect of the UK under the GDPR).
The UK has had to re-align its domestic laws so that there is now a domestic legal basis for once European laws (that process started a while ago). European laws, loved or hated, have largely been incorporated into our domestic law for the purpose of legal continuity…for now!!
Business Impact
What it means for your business will depend primarily on what you buy and sell and where you buy and sell it.
For some businesses, the impact will be of fundamental significance. For example, financial institutions that have been relying on their UK authorisation or licence to provide regulated activities in the EU (known as “passporting”), will need new licences/authorisations to continue to provide services in the EU.
The less obvious impacts might arise through laws which are relevant to your specific business activities and continue to apply to EU/EEA** based customers and suppliers. The impact of that law on your business could change because the UK is now deemed a “third” country (i.e. separate from the EU). For example: • Any UK business that is receiving personal data from EEA** countries, may well be asked to sign up to certain additional contractual clauses from companies within those EEA** countries to oversee the transfer of personal data. • Any business classed as a Digital Service Provider under the Network and Information Systems (NIS) Directive, which offers services in the EU and no longer has an establishment in any EU Member State, may need an EU Representative.
Unforeseen impacts are likely to have an unexpected time and/or cost consequence as well as an associated risk impact that needs to be assessed and absorbed into the business through various risk management mechanisms such as contracts and operations etc.
Where do I start?
If you are not sure where to start understanding what it means for your business, the government has issued a Brexit checker https://www.gov.uk/transition, which will give you a good starting point (it also covers personal impact).
We would also suggest a commercial risk assessment of the impact on your business, in terms of identifying the possible impact on or concerns re: commercial relationships, material contracts, intellectual property protection and data protection as well as overall business strategy.
This and the Brexit Checker combined can give you a fairly good signpost and at the very least help you identify what you don’t know! From there, you will be a good step forward in the Brexit Maze and that will help define your next step regarding identification of actions and resultant prioritisation of actions.
For more information:
Lawpoint can help you understand the impact of Brexit on your business/your contracts/ intellectual property and data protection processes and most importantly, provide solutions. For further information, contact Tracey on 01202 729444 or e-mail tracey@law-point.co.uk.
*A decision which would result in the UK being designated as a country that has the adequate data protection standards to enable it to receive personal data from EEA countries, without the need to rely on less attractive GDPR mechanisms to legitimise those transfers. **EEA countries are the members of the European Union plus 3 European Free Trade Agreement countries.