An inquiry into public opinion suggests that fear and confusion could push sensitive personal data out of the country.
Data never sleeps. It’s generated every second of the day. So if the United Kingdom (UK) exits the European Union (EU) on October 31st, 2019 without a deal, there should be clear guidelines as to how personal data will be managed and protected.
But in reality, there’s a lot of uncertainty surrounding the rules that will govern sensitive personal information stored inside and outside the country.
This is evidenced by a recent study conducted by the cloud security firm, Artmotion. The research was conducted on both sides of the pond (covering the UK and the US) to shed some light on the internal and external perspective on the issue.
According to the findings, as much as 61% of British respondents didn’t know what laws would apply to their personal data after Brexit. Another 62% weren’t aware of how their data would be protected after the UK left the EU.
So while we should have some clarity by now, we are still discussing a lot of “what if” scenarios across the political spectrum and the media.
Who is currently regulating British customer data?
The data generated in the UK is currently governed by the EU’s General Data Protection Regulation (GDPR). But what happens after October 31st?
Number 10 Downing Street did set out some guidance on data governance last year, but it was withdrawn on March 1st, 2019 (further adding to the uncertainty surrounding the issue).
Who will regulate British customer data after Brexit?
The UK government has always maintained that following Brexit, GDPR will be absorbed into British law. But there’s still no indication about when that will happen.
Artmotion’s founder and CEO, Mateo Meier, said “the British government needs to do more to address these issues and mitigate risk. There is a lot of confusion and fear surrounding the impact of Brexit on cloud data, and it will help many business owners if these issues are discussed in greater detail.”
There’s also cause for concern as a French data protection regulator recently announced that in the event of a no-deal Brexit and the absence of an adequacy decision, the UK would be treated like any other country (or as a third country) that is outside the European Economic Area.
It’s also highly likely that other EU country regulators will adopt this approach, and this could have some ramifications for British companies. For example, they might have to implement new protocols to oversee the data transfers by data controllers and data processors.
What’s the potential impact of a No-Deal Brexit on British data?
To alleviate fear and appease their customers, for example, retailers could migrate customer data to mainland Europe, leading to a loss of jobs and tax revenue.
This scenario is highly likely as 53% of respondents preferred neutral and politically stable countries like Switzerland to host their data. Switzerland was followed by Iceland and Norway as suitable destinations to store sensitive personal information.
According to Meier, “while the British government was busy engaging in political debates, Switzerland focused on stability and innovation. This has paid off as we’re now seeing an increasing demand for IT infrastructure hosting and backup solutions here in Switzerland.”
It’s important to address this issue as 80% of the respondents were unsure if Brexit would have a positive or negative impact on cloud services providers. Only 4.8% of respondents believed that Brexit would have a positive impact on cloud companies.
It can also have a far-reaching effect on British businesses as only 12.5% of US customers would choose a UK-based cloud services provider after Brexit.
For example, British brands with a global audience might be forced to move their data and operations out of the country to accommodate the demands of their customers. The present situation could also hinder the growth of the British cloud market in the long-term.
Even though a hard Brexit is just weeks away, no one really knows for sure what will happen after the UK leaves the EU.
So even if the government fails to act, British organizations must explore the complexities surrounding data protection now to avoid potential compliance violations and loss of revenue.
Let's take this conversations over to Twitter!