Is GDPR still a threat to post-Brexit data protection?

With the wheels of Brexit now in motion there is a pressing need for the UK to update its approach to data protection

‘UK businesses should come to terms with the likelihood of them facing a heavily EU-influenced data protection landscape for the time being’

‘UK businesses should come to terms with the likelihood of them facing a heavily EU-influenced data protection landscape for the time being’

Many technology professionals had started to lose faith in the EU long before the Brexit vote was announced – driven by a general distrust of EU legislation and a string of EU snooping scandals.

However, while many may have harboured hopes that an independent Britain offered the potential for a higher quality of data privacy legislation – away from EU snooping and mandatory data “back doors” – it is difficult to foresee that actually coming to fruition.

The new prime minister has made her feelings on this topic plain as the chief sponsor of the so-called ‘snoopers’ charter’, and there is little sign from the current government of an understanding of the realities of data protection for companies.

The ability to keep customer information safe is crucial to businesses today, and any threat to that is likely to cause significant unease.

>See also: Will Brexit cause a Techxit? 10 ways Britain’s EU exit will affect technology

For example, Artmotion’s survey of IT decision makers in the UK showed that one in five would not support any weakening of encryption technology – even for the sake of national security.

Three in five also claimed they would not trust the government with the security of their private information. Even before the referendum, one in five felt these concerns were serious enough to remove their data from UK jurisdiction.

Now that Brexit is confirmed, though, these concerns do not magically disappear. Despite no longer being part of the EU, UK businesses should come to terms with the likelihood of them facing a heavily EU-influenced data protection landscape for the time being.

If the UK wishes to continue trading within the EU, it will almost certainly have to adhere to some comparable data protection and cyber security laws –including the EU’s long-feared General Data Protection Regulation (GDPR).

According to Chiara Rustici, an independent EU privacy analyst, “The GDPR is going to affect UK businesses offering any type of service to the EU market, regardless of whether the UK is in the EU or not.”

For businesses, that means any delay in their compliance plans could be very damaging. Certainly when it comes to the requirement to appoint dedicated data protection officers, companies should continue with their plans – GDPR or no GDPR.

To a certain extent, making a greater investment in data protection compliance and governance is good for business.

That doesn’t mean that this isn’t a useful time for companies to consider all of their options in terms of their data protection arrangements.

One of the key advantages businesses have today is that as data hosting becomes less and less dependent on physical location, organisations are increasingly given free rein to store their data wherever they choose.

>See also: Brexit: what are the supply chain implications?

This means that – through sensible hosting decisions – businesses can start to regain control of their data security. This freedom means that organisations can choose to host data exclusively in high-security data centres, without the constraint of where that data centre is based.

In addition, businesses can also choose to move their data to countries where individual privacy is taken seriously and governed by stronger legislation.

When it comes to highly sensitive financial information, the fact is that for many organisations data privacy is better served by moving their data hosting to countries outside the UK and even outside the EU.

Countries such as Switzerland have far stronger regulations when it comes to data privacy and security, such as the Swiss Federal Act on Data Protection (FADP), and can offer more comprehensive protection in high security data centres offering the latest encryption technologies and dedicated servers.

Sourced from Mateo Meier, data privacy expert and CEO, Artmotion

Comments (0)