Now that the UK’s decision to leave the EU has had a chance to sink in, the consequences for how the continent continues to do business together come into question.
Equally important is the question of how the UK will deal with personal data from the EU. In a data-driven world, any change in the way we transfer data can have a domino effect on business continuity and ultimately the economy.
When the Safe Harbour agreement was abolished by the European Court of Justice, governance of data transfers between the US and EU was left in limbo. Many companies were quick to offer their own “guaranteed hosting” solutions for the EU, before the ink from politicians on either side had dried on new regulations, which took the form of the Privacy Shield.
The question of data transfer now that Brexit has come to fruition is of even greater significance for companies that have dealings with the EU and are already trying to deal with the new EU data protection law, the General Data Protection Regulation (GDPR). Most IT professionals will be aware that the GDPR, coming into effect in January, involves more than a tweak to existing procedures. According to a survey that we conducted last year, three quarters of UK companies say that keeping up with data protection regulatory requirements will cost them financially. Achieving compliance requires all the departments involved in gathering, handling, processing and storing data to come together to use new tools, technologies and training.
Faced with this already complex compliance landscape, it is understandable for companies to worry about how much more complicated everything will become with the UK leaving the EU. Will the UK adopt a data protection regime that’s more onerous than its current one? Even with the referendum votes in, businesses should still make plans that work for both scenarios.
With Brexit becoming a reality, the UK will be governed by a different data protection regime, but will still need to comply with data protection measures to do business with the EU. In this situation, many of the current GDPR requirements should still stand. “GDPR is going to affect UK businesses offering any type of service to the EU market, regardless of whether your business stores or processes data on EU soil,” said Chiara Rustici, independent GDPR analyst.
With this in mind, businesses should stay on the course of preparing for GDPR, which should be well underway. That said, companies need to continue to consider how different scenarios might play out. The framework that is put in place needs to be flexible enough to adapt to a changing regulatory landscape. To paraphrase Donald Rumsfeld, the GDPR is a “known known,” the Brexit alternative is still a “known unknown,” even after the vote, but there are other “unknown unknowns” that will impact infrastructure design decisions, so companies should institute all changes with the understanding that the changes may need changes.
To ensure that you are prepared, no matter how the outcome continues to play out, here are five steps that should stand your company in good stead:
As the UK starts to figure out what Brexit means for the country, getting ahead of the game with your data protection policies will be worth the time no matter how regulations and business with the EU change.
By Michael Hack, SVP of EMEA Operations at Ipswitch
Read the July EURO 2016 issue of Business Review Europe magazine.