How will GDPR affect the UK's SMEs and fintech firms?

The Brexit rollercoaster took another unexpected turn last month, as it was announced that auditors were to investigate the £39 billion 'divorce bill' that has been agreed between the EU and the UK. Still, the very existence of such an agreement highlights the UK's continued commitment to the EU in the short-term, across a host of financial, commercial and social obligations. This means that British firms will need to adhere to the upcoming General Data Protection Regulation (GDPR), which is a new EU directive that will come into force later this year.

What is GDPR, and When will it Come into Force?
Since 1998, the commercial sector in the UK has been governed by the Data Protection Act 1998, which was itself derived from the 1995 EU Data Protection Directive. As the pace of technological advancement has increased and we've entered the age of big data, however, businesses have faced a host of new challenges and the EU has spent four years drafting updated protection legislation to reflect the changing times. This new legislation will come into force on 25th May, at which point all existing EU member states (including the UK) will incorporate GDPR into law and embrace brand new data protection laws.

Why was GDPR drafted and what impact will it have on the UK's Fintech startups?
As mentioned, the GDPR has been drafted in order to ensure that data protection legislation is fit for purpose in the current technological climate. There are also more specific reasons for its development, most of which are focused on the way in which data is used and the experiences of both customers and businesses alike.

Firstly, the EU wants to afford people more control over how their data is used, in an age where Cloud technology has inspired the rise of big data and real-time sharing. The Union is also responding to high profile cases and data breaches involving large corporations such as Google, who have endured ongoing legal battles surrounding the privacy of users, and the so-called right to be forgotten.

Beyond this, the EU also wants to give firms a clearer and easier to understand legal environment in which to operate, by creating a single data protection law that runs throughout the single market. This could save firms an estimated €2.3 billion per year including all UK SMEs and fintech startups that are trading when the legislation is enacted this spring.

It's also interesting to note that the GDPR will introduce tougher fines for non-compliance and data breaches, which is an important consideration for smaller firms with restricted infrastructures. In the case of fintech companies operating with CFD products, such as Hantec Markets, the direct sharing of data between clients and brokers will come under greater scrutiny and force companies to make a quick and effective transition.

These clients will also have greater say in how their data is used, and companies must recognise this if they're to successfully comply with the GDPR.

The Last Word
With the UK not scheduled to exit the EU until March 2019 at the earliest, UK firms and Fintech SMEs will be required to comply with the GDPR in full when it's launched in May. This is sure to have an impact in terms of how companies operate, but the big question that remains is whether the government will repeal this legislation in the long-term and run the risk of causing more uncertainty for firms?

Blog

• Catalonia - arrest warrants issued for deposed government members
• Clifford Chance’s SPARK Scheme: How can it help you to secure a training contract early on?
• Gender pay gap at the top - women paid around £12,000 less
• Robert Mugabe resigns after a 37 year rule
• "The Gender Pay Gap Is A Continuing Reality"