Just in case you’ve run out of things to worry about in 2019, a recent WIRED article floated the very real possibility that a data disaster could arise for U.K. companies if a no-deal Brexit goes through. In other words, if the United Kingdom and the European Union (E.U.) fail to come up with a solid agreement about what to do before going their separate ways, it could affect more than the trade of tangible goods.
Due to the strict nature of European privacy regulations, the data that passes from Europe to the U.K. — and there’s a lot of it — could get held up in a sea of red tape. And if this happens, it would cripple tech companies that rely on the free flow of data across the English Channel.
Why would that happen? Let’s start with the basics.
Why does GDPR affect the flow of data?
The General Data Protection Regulation (GDPR) is an extensive piece of legislation that limits how companies collect and store customer data. It was designed with the well-intentioned goal of protecting privacy, but like many laws, it’s had some unintended consequences. Experts are still working to figure out the impact it will have on technology companies.
One GDPR requirement is that E.U. countries send data only to countries that will protect that data. The E.U. has agreements in place for the transfer of data to plenty of countries outside the E.U., but it doesn’t have anything in place for the passage of data going into the U.K. After all, Great Britain is still part of the E.U. and will remain an E.U. member until the divorce is finalized.
No-deal Brexit: the trouble with a quick split
A no-deal Brexit would be one in which the U.K. jumps ship without a formal agreement — something British Prime Minister Boris Johnson has been threatening for some time now. And although he’s toned down that rhetoric lately, a no-deal Brexit is still a distinct possibility.
A no-deal Brexit would lead to all kinds of complications in the trade of tangible goods alone (e.g., confusion over tariffs, and border checks on the passage of goods that lead to bottlenecks at the port of entry). Advocates of a no-deal Brexit believe these problems will work themselves out, but critics believe the U.K. and the E.U. need to address these problems before making a clean break.
Getting data across the border
Since GDPR limits the transfer of data to foreign countries for which there is no formal agreement, exporting data from the E.U. to the U.K. could constitute a GDPR violation. And if a no-deal Brexit goes through, there wouldn’t be enough time to put an agreement in place.
The result? Data would pass freely from the U.K. to the E.U., but it couldn’t flow in the opposite direction (from the E.U. to the U.K.). Again, that could cripple companies that rely on that free flow of data.
How will this affect small- and mid-sized SaaS companies?
I’d love to tell you there’s nothing to worry about if you’re a small-to-mid-size British company that exchanges data with mainland Europe, but that might not be the case.
Larger companies are already preparing for either contingency (deal or no-deal), but small- to mid-sized companies simply don’t have the resources to prepare while everything remains up in the air. Cillian Kieran, CEO of a privacy start-up called Ethyca, was quoted in the WIRED article mentioned above, saying: “[Small companies] will need specialist advice and the engineering capability to make sure that they comply with new rules. And if they don’t, they could get prosecuted.”
What’s a SaaS company to do?
If you’re not a tech giant with the resources to prepare for whatever might happen, you’ll just have to wait and see. The experts are now suggesting that a no-deal Brexit is unlikely, but if the past three years have taught us anything, it’s that unlikely things do happen from time to time.
In the end, the best you can do is pay attention, partner with companies that understand the rapidly changing political and regulatory landscape, and get expert advice.
The big lesson: surviving a complex regulatory environment
Going beyond Brexit and GDPR, there’s a lesson in all of this regarding how to survive (and ultimately thrive) in an era of complex regulations. The second Payment Services Directive (PSD2), for example, is an incredibly complex and convoluted piece of legislation that no mere mortal should attempt to conquer on their own.
Similarly, complex regulations make it difficult to bill and manage revenue with a home-grown billing solution, which is where companies like Chargify come in. In an era of complex regulation, it’s important to partner with companies that are monitoring current events closely and have teams of experts ready to act on compliance standards—so whether it’s the free flow of data that concerns you, the French digital tax, or a dozen other regulations, they’ll help keep you in compliance.
Nichole Elizabeth DeMeré is a B2B SaaS Consultant, Growth Marketer, and Copywriter. They also teach SaaS founders how to build, engage, and grow communities around their SaaS products. They are a top 15 hunter on Product Hunt, moderator at GrowthHackers.com, Quuurator at Quuu, and mentor at GrowthMentor.com. They previously worked at, and were responsible for community growth at, Product Hunt, Growth Hackers, Zest.is, Inbound.org (now Growth.org), and more. Check out their SaaS Growth Playbook with Trevor Hatfield.