A no-deal Brexit could provide major headaches for Irish firms who have spent months adjusting to the EU's comprehensive data protection laws, experts have warned.
Deloitte said that Britain crashing out of the EU would add to the workload and pressures on Irish firms who share information between the two jurisdictions because of the obligations of the general data protection regulation (GDPR).
Dublin-based cybersecurity firm Ward Solutions echoed the warnings of Deloitte, saying no deal would "change Irish firms' obligations overnight" and that many of those firms had not planned for such a scenario.
The GDPR was ratified in 2016 following four years of negotiation, replacing an existing directive on data protection.
Unlike an EU directive, which can be implemented over time, the regulation became law as soon as it took effect on May 25 last year, meaning penalties could be imposed from the beginning.
The regulation is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy. It not only applies to organisations within the EU but also to firms that do business inside member states.
If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.
The UK's information commissioner's office said Westminster intends to enable data flow from the UK to Europe without any additional measures, but transfers from Europe to the UK will be impacted, Deloitte said.
Deloitte's Colm McDonnell said every organisation that processes personal data, transfers such data, or has a group entity in the UK will need to put in place measures to ensure compliance.
Banking and insurance companies that have data processors or group entities based in the UK will have to take measures, Deloitte said.
Chief executive of Ward Solutions, Pat Larkin, said a no-deal Brexit would mean the UK moving from being a peer in EU data protection to an outside country like the US.
"This is non-trivial and poses a major challenge to firms overnight. There are a lot of Irish firms that may need to take action on data transfers," he said.