Brexit: what to expect ?

8 October 2019

Last edit on December 18, 2019

With or without an agreement, Brexit is set to take place on 31 january 2020. At least, that’s what British Prime Minister Boris Johnson continues to assert. If a withdrawal agreement is ratified by then, EU law will cease to apply to the United Kingdom as of 1st January 2021 and a transition period will enter into effect until 21 December 2020. The ‘no deal’ scenario seems now very unlikely. In this case, the departure from European law would be effective 1st January 2020.

This is an opportunity to present Lemonway’s preparations and consequences for its partner platforms.

What are the consequences for Lemonway?

As a payment institution, Lemonway provides payment services, for which it holds a license, to users of online platforms located in Europe. Following Brexit, Lemonway will be required to apply for approval from UK regulators to continue operating in the UK.

Since 29 March 2019, the Financial Conduct Authority (FCA) has introduced a temporary authorisation exemption scheme for entities and funds in the European Economic Area (EEA). Lemonway approached the FCA and has completed the necessary formalities to obtain this exemption. This will enable the company to operate in the United Kingdom for 3 years following the United Kingdom’s definitive exit from the European Union, pending final approval.

How will this affect the protection of personal data?

Currently, there are no limitations on transfers of personal data between EU Member States. Depending on the outcome of Brexit, transfers to the United Kingdom may be subject to controls.

Primarily in order to comply with its obligations to combat money laundering and terrorism financing (AML-CFT), Lemonway may collect, process and store personal data from its partner platforms and their users.

In order to comply with data protection laws in EU and the UK after the Brexit, Lemonway has studied the guidance from the UK Information Commissioner’s Office (ICO), from the CNIL (Commission nationale de l’informatique et des libertés) and from the European Banking Authority (EBA)

The data Lemonway collects is currently hosted in France. No data is transferred to the United Kingdom. Brexit should therefore have no data protection consequences for Lemonway.

In the event of an agreement between the European Union and the United Kingdom, a transitional period should be provided for, during which the European Union must necessarily treat the United Kingdom as a Member State, with the exception of its participation in the institutions and governance structures of the European Union. Thus, the current data protection regulations (GDPR) are likely to apply until 31 December 2020. At the end of this period, the United Kingdom ought to apply the relevant European rules until the European Union has established, by means of a formal recognition of equivalency, that the country offers a data protection system with guarantees ‘essentially equivalent’ to those guaranteed by the GDPR.

In the unlikely event of a ‘no deal’ scenario, the United Kingdom will be considered a ‘third-party state’ under current regulations on 1st January 2020. Therefore, provisions governing the transfer of personal data to a non-member country would apply, such as the ones Lemonway currently applies according to GDPR provisions

For additional information regarding the potential consequences of Brexit, please contact our Support team.