News reports this morning suggest that hundreds of British-based jobs at Visa might be at risk if the company is forced to relocate to the Continent following last week's Brexit vote. The reports suggest that Visa in the US has stipulated that data from Visa Europe card transactions shouldn't leave Europe.

As I said in my blog post on Friday, last week's Brexit vote had no immediate impact on the UK's data protection laws (in the form of the Data Protection Act 1998) which implement the current 1995 European Directive or on the UK's status as a member state of the EU.

The new EU General Protection Regulation (GDPR) will come into force across the EEA in May 2018. At that stage, the UK may still be an EU member (in which case GDPR would apply) or if its status has changed it may have adopted GDPR (or a UK equivalent) in order to ensure that (for EU data protection purposes) it is considered as adequately protecting that data so that UK/EU transborder data flows are permitted without additional restrictions.

So, at the present time, from a general legal perspective, there is no need to rush to make important decisions to relocate data processing operations away from the UK.

What was interesting about the report I read, however, was that it suggested that the requirement to consider moving the data came not from an immediate concern about the UK's regime for protecting personal data but from a commercial agreement that the data would remain in Europe.

I have no knowledge of any of these arrangements but the report (if accurate) does highlight the need for organisations to understand their contractual commitments and to monitor them to ensure that:

  • They will not be breached as a result of any of the events that flow from a Brexit vote
  • They remain appropriate for the changes that will inevitably flow from a change in the UK's status

Over the coming months (and, probably, years) much focus will centre on making sure that new contracts cater for the various possible permutations from Brexit but it is equally important that organisations make sure that they are on top of existing contracts that may run beyond any EU withdrawal to make sure that they don't find themselves inadvertently in breach of their terms or facing risks that the contracts simply don't address.

Brodies has developed a highly innovative contract management solution called BOrganised™ which will help organisations who use it to identify contracts that are likely to be impacted by Brexit.

If you are interested in having a discussion about BOrganised™ then please contact me or Ed McElroy.


Martin Sloan


Ed McElroy

Digital Services Manager