Data Protection & Brexit: What Happens Now?

Let's take a look at how leaving the EU could impact hosting, data storage and transfer for UK businesses and what we should be doing about it now.

Since it was decided back in 2016 that the UK would be leaving the EU, much has been done to prepare for the inevitable departure, or so rumour has it. Talks of free movement, migration and job security have been the subject of national debate as the government attempts to cut its ties with the EU without losing any economic momentum.

But How Will Brexit Affect Your Business and Its Data?

Much speculation and hearsay have surrounded Brexit and what comes after it. Each delay to the departure causes more unrest. Relationships with international companies are becoming more strained and businesses aren’t sure what move to make next. New regulations, changes in legislation and potentially harsher rules make for a big change.

Many of you are already preparing for whatever may happen on October 31st. Businesses anticipate a turbulent time and are frantically seeking the right advice should a no-deal Brexit occur. As more information is released about the changes to special data handling laws, including eCommerce, data storage locations and the EU’s data conditions, we start to gain an important insight into how things could be post-departure, but it is all very grey and uncertain.

What Is the UK’s Current Agreement With the EU?

All countries currently within the EU follow the same set of rules, created by the European Commission. Whether it be about taxes, working conditions, agricultural matters or data protection, there are certain standards to be adopted and maintained in order to secure a spot within the economic partnership.

If a nation decides they want to be a part of the EU, they must prove that their laws and legislation adhere to the standards set by the Commission. If they don’t, they’re simply not accepted into the partnership or are asked to make amendments. If they do, then welcome to the fold, you’re now an EU citizen!

The UK joined the European Community in 1973 and has since been an integral part of the partnership’s history and development, adopting any new changes that the EU has set throughout the years, so we are pretty much up to date, for the moment.

But What Happens When A Country Decides To Leave the EU?

That’s where it gets a bit more complicated. The relationship that the Commission has with non-EU countries is deemed fair, but legislation, regulations and laws that apply to ‘Third Countries’ (countries not part of the EU) are heavily audited and examined before a relationship can be established with them, and this takes time.

For example, the US & EU have their own agreement in place, not surprisingly called the EU-US Privacy Shield. This arrangement was made to appease both parties, ensuring that data could flow freely between them and they enjoy the highest, most transparent level of security.

Agreements like these are established by examining the laws around Data & Security within the prospective partners’ countries. If, for example, the EU was not happy with the plan that the US wished to execute for their Privacy Shield, then they would be forced to go back to the drawing board and reassess their arrangement until they can both come to an agreement. If no agreement is made, then no deal is secured - simple.

With the UK on its way to becoming a ‘third country’, we can expect the same treatment and examination as all other non-EU countries. Luckily, the UK is currently compliant and up to date with all Data Protection Laws and made a huge shift last year by adhering to all GDPR requirements. The transition will be far smoother than some are anticipating because fundamentally we will be compliant.

However, if the UK crashes out with a no-deal, the Commission will be forced to wait for the UK to come back with a ‘new’ plan for how they wish to treat any future sensitive data, leading to further uncertainties in the business world.

Our newly coined ‘Third Country’ will have to go through the lengthy process of reapplying due to the lack of preparation and no post-Brexit agreement in place. 

After all, when Brexit is over, the UK is free to manipulate its laws and regulations however it likes. The EU must observe those following months and assess if they wish to establish a new agreement - it seems like the UK will still be in the grip of the EU even then.

And What If the EU Doesn't Like the New Agreement?

Until the UK proves that its side of the deal is adequate and meets EU standards, the current Data & Security arrangements will cease, and strict guidelines will be put in place. This would most likely lead to restricted access to the Europol database or any other databases that come under EU governance, which is obviously not ideal from the perspective of UK business.

There’s no time limit for how long this would take and what limitations the UK would experience in the meantime. All we know is that the criteria are strict, regulated and must be of the highest standard.

So, What Can I Do To Prepare for a Deal or No-Deal Brexit?

It’s very simple: if the UK goes out with a no-deal and has to re-establish a relationship with the EU, they’d have to work from ‘home’ for the time being. The way that sensitive information moves within the UK will not change, so it’s highly advised that all UK-based companies make changes to ensure that their data is safely stored in the UK - beware of some cloud-based systems that can host your data over multiple locations.

As stated by the Government, GDPR will continue as normal regardless of the way we leave the EU, so it’s highly advisable that all businesses continue to stay up to date with all GDPR regulations and monitor regularly for change.

As the free-flow of data will go uninterrupted within the UK, it is highly recommended to relocate your data servers to a UK-based company to prevent a scenario of not being able to access your data within the EU. Be sure to choose a hosting solution that will support your business and provide ample security, such as hosting provided by Siruss.

It’s also advisable to keep in close communication with any of your international partners and prepare for business to go uninterrupted in the event of a no-deal. It’s just as important for your European associates to know what’s happening as it is for you.

Be vigilant and stay up to date with any news or change in the privacy laws post-Brexit and be sure that your business is adhering to or can adapt to any and all adjustments. 

Whilst the UK patiently waits to hear back from the EU regarding its adequacy of handling sensitive data, the Government has released guidance to further explain how the free flow of data will work between the UK & EU whilst in a transition period.

Is My Business More Vulnerable To Cyber-Crime Now?

Whether or not you’ll be the victim of a cyber-crime attack is unknown, but as the UK withdraws from the EU it also potentially withdraws from any future European cyber protection. Hackers know this already and may take advantage of this vulnerability and carry out a series of cyber-attacks. The likelihood of this happening is unknown, but what is sure is that if you’re storing sensitive data, you must be extra vigilant and prepared for future threats.

Fortunately, both the UK & EU have already announced that they will continue to treat the protection of data and cyber-crime with utmost priority, maintaining somewhat of a relationship with each other to continue protecting themselves against any future vulnerabilities - partners or not. However, to what extent this will go nobody yet knows.

Final Thoughts

It’s important that, before October 31st, you review your current cyber-security arrangements and properly prepare yourselves for potential threats, changes to legislation and future requirements. You can implement this by ensuring all staff are fully trained and able to identify an attack, creating a fast and efficient response to any future attack and/or threat, and seeking to use only the most compliant, effective security software and hosting.

At Siruss, all our servers are located in wholly owned UK data centres with high-level support and management contracts with the UK companies that run them. Hosting your websites and data with Siruss means you have no issue of being on the wrong side of data sovereignty.