Report: Navigating cross-border data flows and the GDPR

Regulatory complexity and uncertainty seem to be the major issue for businesses, as regard cross-border data flows.

Isaac Ouro-Nimini Hansen Trade Policy Adviser

Limiting cross-border data flows can negatively affect economic growth. Businesses face specific challenges with regards to cross-border data transfers. This report analyses these challenges from a trade policy perspective and gives recommendations that could reduce regulatory complexity for international businesses.

Your report concerns cross-border data flows and regulations that limit the ability of businesses to move data across borders, regulations such as the GDPR. What is the issue at hand?

The ability to move data across national borders is a key enabler of our modern, interconnected world, and for trade in both goods and services. Digitalisation, which is underpinned by cross-border data flows, is the key driver for future economic growth, both in Sweden and globally.

Limiting cross-border data flows can negatively affect economic growth by making it more difficult to take advantage of the economic and social benefits of digitalisation. Regulatory complexity and uncertainty seem to be the major issue for businesses, both large and small.

What does this mean for businesses?

Businesses in every sector rely on data flows in their operations. This is true for businesses dealing with digital products and services, as well as those businesses that are active in the traditional manufacturing sectors. The use of digital, cloud-based services in accounting or HR, for example, is widespread, and coordinating manufacturing processes that are spread out across the globe would be near impossible without cross-border data flows. Obstacles to cross-border data flows make all these processes more difficult, and more expensive, for companies to run.

How did you approach the issue?

We have identified the specific challenges that businesses face with regards to cross-border data transfers. Large and small companies largely face the same challenges. Having identified the issues, we analyse them from a trade policy perspective. Our recommendations have been evaluated based on them being useful, realistic and GDPR-compliant.

What can be done?

One option would be to increase transparency by making the rules and regulations available online in an easily accessible and understandable format in multiple languages.

Policymakers in the EU and other jurisdictions could also agree on a common terminology, a common understanding of the terms used in the data protection legislation. Although this would not harmonise the data protection rules, it would make it easier for businesses to navigate them. We believe our recommendations could improve the situation for businesses, while respecting and safeguarding the existing data protection regulations.

Summary of recommendations

Trade policy recommendations for moving forward: common terminology; more and faster, adequacy decisions; increased technical assistance and capacity buildning; data flow test; and increased transparancy around regulations.

What will happen if no action is taken?

Currently, international businesses may already be required to have data centres in multiple countries to store and process data that could actually be managed in one country, or one location. Such businesses also require extensive resources and know-how to adapt to the different data protection frameworks in the various countries. Our recommendations would not solve all the issues related to cross-border data flows, but by decreasing the level of complexity and increasing transparency, it would be possible to reduce some of the negative effects borne by businesses.

How can we ensure that the interests of developing countries are taken into account?

We acknowledge that different countries have different needs, as well as different views on the balance between, for example, protecting personal data and taking advantage of the economic benefits of digitalisation. Our recommendations have been designed so that they could realistically be implemented in different regulatory regimes across the globe.

We also recommend that developing countries are offered the necessary support to help them develop their capacity to regulate cross-border data flows. When new regulatory frameworks are being created, it would be beneficial to both domestic and foreign companies if the rules are compatible with the already existing and internationally accepted frameworks, such as the GDPR.

What is the National Board of Trade Sweden?

The National Board of Trade is the Swedish government agency for international trade, the EU internal market and trade policy. Our mission is to facilitate free and open trade with transparent rules as well as free movement in the EU internal market. We provide the Swedish Government with independent analyses, reports and policy recommendations and take into account the views of businesses of all sizes in international trade policy-related matters.