The latest business continuity news from around the world

Brexit for business continuity and risk managers

The UK's referendum about EU membership resulted in a decision to leave; and the implications for businesses are unclear.This page will be continually updated with information to assist business continuity and risk managers steer through these turbulent waters.

On Twitter follow the hashtag #businessbrexit

To submit a resource or make a comment please email


RESOURCE: The impact of Brexit on GDPR compliance risks

Britain’s decision to leave the European Union has led some data professionals to think that they will no longer be affected by the EU’s General Data Protection Regulation (GDPR) due to come into force in 2018; however, John Cassidy, VP EMEA, Ground Labs disagrees. Read this article.

RESOURCE: Identifying organizational exposure to Brexit

Charlie Maclean-Bristol looks at some steps that organizations can take to identify areas of exposure to Brexit risks. Read this article.

RESOURCE: Businesses can handle Brexit challenges within a conventional risk management framework: Airmic

Airmic sent top-level Brexit guidance to members based in the EU within hours of the referendum result being known, commenting that the decision “must now surely feature on the list of principal risks for most organizations." Read this article.

RESOURCE: How’s your Brexit contingency plan?

A checklist of items to consider in a Brexit risk assessment: by Jim Preen, Crisis Solutions:

How can an organization prepare for Brexit? The first stage is to conduct a risk assessment. Here are some of the questions you should ask:

  • It will take at least two years for the UK to disentangle from the EU. How will this period of uncertainty affect our company?
  • How much business do we conduct with Europe?
  • Would a less favourable trade agreement hurt us?
  • Would a delay in a new trade agreement with Europe hurt us?
  • Do we receive any funding from the EU?
  • Freedom of movement within the EU is already changing. What further outcomes could UK departure cause both for EU citizens who want to work here and UK citizens who work in Europe?
  • Will there be any potential staffing problems?
  • Will Brexit have any impact on our suppliers and our supply chain?
  • Brexit could potentially trigger another Scottish referendum and see the Scots breaking away from the UK. Would this have an effect on our business?
  • What legislation that we currently comply with might change? Could this be detrimental or beneficial?
  • If EU regulations no longer apply where might the UK government impose new regulations?
  • What international taxes or trading agreements might change?
  • Could the swift decline in the value of the pound hurt us?

RESOURCE: What does Brexit mean for data privacy and cyber-security?

The result of the UK referendum was clear, more than a million people tipped the scales in favour of Leave. There will be at least a two-year period (some say five) before the UK decouples from the EU. It will be a time of profound uncertainty and many are concerned about its effects on cyber-security and data privacy. Read the article


The Business Continuity Institute recently hosted a discussion forum, sponsored by ClearView Continuity, at the Royal Institution in London. A panel of experts gave their views on what the Brexit challenges could be and then answered questions from the audience. The output from the discussion forum is available in a white paper which is available here (PDF).

The BCI also recently published the paper 'Horizon scanning post-Brexit: What should businesses prepare for?' which is available after registration here.

RESOURCE: Brexit issues for UK risk managers to consider

An article written prior to the EU Referendum which looks at some of the wider potential business risks to consider. Read the article

RESOURCE: Businesses should respond to Brexit now: Institute of Directors

The Institute of Directors has published a paper outlining a wide-ranging assessment of what Brexit means for British business. The report suggests:

  • It is imperative for businesses to begin conversations with EU clients and supply chain now, in order to clarify what these changes will mean for businesses;
  • 83 percent of IoD members have some link with Europe, whether via export, import, supply chain, staff or otherwise;
  • The UK is unlikely to be able to deal with new trade partners whilst re-negotiating with the European Union and amending existing third-party arrangements;
  • Passporting for financial services has been one of the most significant advantages of the single market for UK firms. Negotiating this will be difficult as remaining EU members will see this as an opportunity to shift business to European cities, unless the UK opts for the potentially politically-difficult EEA model;
  • On immigration, the IoD expects EU nationals living in the UK to be able to stay once the country has left the European Union, but calls on politicians to clarify this status as soon as possible.

Read the IoD paper.

IMPACTS: General UK organizations

INONI has published a review of potential business impacts on a blog piece:

“We each inherit risks via our supply chain.  Any UK-based organization that relies on EU trade may now face increased costs.  This means that unknown to you, a critical supplier may be becoming less stable.  Find out which suppliers are critical and how Brexit is affecting them.

“We may face active protectionism, since Brexit success will encourage other EU members to leave. This will manifest as increased sensitivity for UK firms, where a lapse in supply is more likely to trigger termination or non-renewal, reducing our tolerance to disruption.  We must offer better resilience than EU competitors, systematically preventing failures

“The return of staff to EU countries may result in short-term skills shortages.  However, some international organizations may also relocate, releasing UK-based staff and increasing skills availability.  We need to anticipate and plan for this

“Brexit may tempt organizations to make pre-emptive cutbacks.  So-called efficiency savings are often accompanied by a loss of deep experience.  This leaves the organization vulnerable, unable to expand or repair production facilities in acceptable timeframes. Think ahead and plan to retain and develop key skills.”

IMPACTS: information security

The UK may be more vulnerable to cyber attacks because of leaving the EU according to a survey. Over a third of those who work in the IT security industry (38 percent) fear that leaving the EU will make the UK more vulnerable to cyber attacks because they will no longer benefit from intelligence sharing with other EU states, according to recent research conducted by Unified Security Management and AlienVault. The research, which surveyed the attitudes of around 300 IT security professionals at the Infosecurity Europe conference, also found that over half of respondents (52 percent) believe that UK organizations will still have to comply with EU legislation in order to trade with Europe. The majority of respondents (66 percent) thought that the customer data held by their organizations will not be affected by Britain leaving the EU. But a quarter of those surveyed (25 percent) worry that the corporate data held by their organizations will be less secure after a ‘Brexit’, and 22 percent felt the same about the customer data held by their organizations.

IMPACTS: General Data Protection Regulation (GDPR) and UK companies

Much has been written about the impacts of the General Data Protection Regulation (GDPR) but Brexit raises even more questions about the GDPR. What are the compliance implications for UK organizations? It's something to consider and monitor as Brexit develops.

Robert Cattanach, a partner at the international law firm Dorsey & Whitney on data protection impacts:

"The Brexit Referendum creates significant chaos on at least two fronts regarding Privacy issues. First, the UK will not automatically implement the EU’s recently passed General Data Protection Regulation (GDPR), which was designed to normalize and harmonize privacy protection requirements, processes, and governance throughout the EU. Britain had not been a particularly ardent proponent of the GDPR in the first instance – the UK’s Information Commissioner’s Office (ICO) was particularly critical of the right to be forgotten provisions; and it appears likely that some of the provisions considered to be more onerous may not be embraced in what will now likely be a stand-alone regulatory scheme in the UK.

"This in turn also raises the spectre of whether the UK’s privacy protection provisions will be deemed sufficiently robust by the EU to merit a finding of ‘adequacy’ that would allow automatic trans-border transfers of personal information, as is currently the case. Assuming that the recently proposed Privacy Shield meets the same fate as its predecessor Safe Harbor, the UK may well be forced to resort to the same sort of burdensome binding corporate rules or model clauses now being required of most non-EU countries in order to transfer such information cross-border. Obviously much remains to be determined, but the bureaucrats in Brussels are likely to take a particularly dim view of Brexit, and may retaliate by finding the UK’s privacy regulations not sufficiently adequate to allow it to continue to mesh freely with the rest of the EU from a privacy perspective.  This would create enormous logistical difficulties – and impose significant expense -  on virtually all companies in the UK that currently transfer personal information between the UK and the rest of the EU seamlessly."

IMPACTS: Brexit impacts on the UK’s pharmaceutical and medical device industries: GlobalData

The outcome of the EU referendum on the UK’s continuing membership of the European Union (EU) will have major consequences for the country’s pharmaceutical and medical device sectors, and for the healthcare industry to thrive in the event of the UK leaving the EU, the country will need to adopt a uniquely British approach, according to research and consulting firm GlobalData.

The company’s latest whitepaper states that for the pharmaceutical and medical device industries, the vote to leave will have significant consequences in five key areas, namely regulatory impacts, research and development, access to talent, intellectual property rights, and market access.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.