A 'no-deal' Brexit will impact on the flow of personal data information governed by GDPR, new research from Deloitte shows.
It will also add additional workload and pressures to companies who share information between jurisdictions within the European Economic Area.
Deloitte said that many companies have spent months, and even years, preparing for the introduction of GDPR in May last year and they have invested heavily in terms of resources to work towards compliance since then.
But the impact of the UK leaving the European Union without a deal in place means that those organisations may now face additional challenges to ensure compliance post Brexit.
Deloitte said every organisation that processes personal data, transfers such data, or has a group entity in the UK will need to put in place measures to ensure compliance with the data rules.
The professional services company said that keeping up-to-date records of processing is core to compliance with the GDPR and it urged companies to use records of processing to form a complete list of all data flows to and from the UK.
Deloitte said that fully identified data flows should allow businesses to quickly scope out and plan for the majority of the work that will be required in terms of subsequent contract and data protection notice updates/amendments
It also urged companies to review all data protection notices and amend where necessary and said that due diligence procedures should be updated to allow for data processors in the UK.
Companies are also urged to review and update all existing data processing contracts to ensure appropriate clauses are in place, while they should also consider the use of Binding Corporate Rules to continue to transfer personal data to group entities based in the UK.
Deloitte said they should assess what transfer mechanisms are currently in place to protect personal data and any additional security measures necessary, while they could also consider any planned initiatives to identify UK dependencies from both a system and contract perspective.
"A well-prepared action plan aligned with on-going initiatives can help to ensure a smooth transition and continuation of a free flow of personal data between the EEA and the UK," Colm McDonnell, Partner at Deloitte said.