1). Will GoCardless be able to continue to serve customers if there is a Hard Brexit?
GoCardless SAS is our entity in France (SIREN: 834 422 180), which is authorised to provide payment services to merchants in the EEA. In the event of a Hard Brexit, GoCardless will need to realign contractual agreements for our EEA based merchants to GoCardless SAS that is legally authorised to provide those services by the French regulator (the ACPR).
If you are impacted by these changes, we will contact you in advance of any possible contractual amendments or restructuring that reflect our French entity providing services in the EEA.
2). Will my service be impacted as a result of Brexit?
No - there will be no negative impact on processing time frames for merchants, partners and payers.
3). What does Brexit mean for SEPA users in the UK?
The UK will remain within the geographic scope of SEPA. SEPA currently includes seven non-EU countries and territories: Norway, Switzerland, Iceland and the European Sovereign States of Monaco, San Marino, Liechtenstein and Andorra (for the avoidance of doubt, the UK will be a part of this list as the 8th non-EU country post Brexit).
4). Will the creditor identifier (CID) change?
A CID is a unique reference which identifies each SEPA Direct Debit originator. The structure of the CID has been standardised throughout SEPA. It is made up of the respective originating ISO country code, a check digit comprising 2 characters, the Creditor Business Code and a country-specific part, called the national identifier, which may vary in length but must not exceed 28 characters. The length and format of the CID therefore differs from country to country.
In the event of a delay, there will be no changes to existing CIDs. New merchants using SEPA may have the option of being issued new CIDs through Barclays Germany. It is not yet possible for new merchants to bring their existing CIDs with them when they join GoCardless.
5). How is GoCardless managing Brexit's impact on GDPR?
GDPR is in effect in the UK now, and the UK has passed the GDPR-compliant Data Protection Act. No matter what, GoCardless will continue to apply a global privacy and data protection risk management programme that includes the programme elements and processes necessary for GoCardless and its merchants to demonstrate compliance with GDPR’s high standards.
Brexit is likely to mean that companies transferring data from the EU to the UK will need to have a transfer mechanism in place to make the transfer lawful. Here’s what will happen for GoCardless’s data transfers. Post-Brexit, GoCardless’s financially regulated services will be provided by our French entity, GoCardless SAS, meaning any data transferred from our merchants is internal to the EU. We have executed the documents that allow us to provide services from France supported by our UK entity, including a set of GDPR-compliant standard contractual clauses. Any onward data transfers will continue to be covered by our GDPR-compliant supplier onboarding due diligence and transfer mechanisms reviewed or enacted as part of that programme.