Research suggests that a Hard Brexit could lead to significant confusion within the UK cloud market
An inquiry into public opinion suggests that fear and confusion could push sensitive personal data out of the country.
Data never sleeps. It’s generated every second of the day. So if the United Kingdom (UK) exits the European Union (EU) on October 31st, 2019, without a deal, there should be clear guidelines as to how personal data will be managed and protected.
But in reality, there’s a lot of uncertainty surrounding the rules that will govern sensitive personal information stored inside and outside the country.
This is evidenced by a recent study conducted by us at Artmotion. The research was conducted on both sides of the pond (covering both the UK and the US) to shed some light on the internal and external perspectives on the issue.
According to the findings, as much as 61% of British respondents didn’t know what laws would apply to their personal data after Brexit. Another 62% weren’t aware of how their data would be protected after the UK left the EU.
So while we should have some clarity by now, we are still discussing a lot of “what if” scenarios across the political spectrum and the media.
Who is currently regulating British customer data?
The data generated in the UK is currently governed by the EU’s General Data Protection Regulation (GDPR) and the Information Commissioner's Office.
But what happens after October 31st?
Who will regulate British customer data after Brexit?
The UK government has always maintained that following Brexit, GDPR will be absorbed into British law. But there’s still no indication about when that will happen.
Artmotion’s founder and CEO, Mateo Meier, said “the British government needs to do more to address these issues and mitigate risk. There is a lot of confusion and fear surrounding the impact of Brexit on cloud data, and it will help many business owners if these issues are discussed in greater detail.”
There’s also cause for concern as a French data protection regulator recently announced that in the event of a no-deal Brexit and the absence of an adequacy decision, the UK would be treated like any other country (or as a third country) that is outside the European Economic Area EEA.
It’s also highly likely that other EU country regulators will adopt this approach, and this could have some ramifications for British companies. For example, they might have to implement new protocols to oversee the data transfers by data controllers and data processors.
So sending data offshore to the EU won’t be an issue. But receiving personally identifiable information from a company based in the EU or EEA will demand predefined agreements, Standard Contractual Clauses (SCC), or other alternative mechanisms to keep things legal.
What’s the potential impact of a No-Deal Brexit on British data?
To alleviate fear and appease their customers, for example, retailers could migrate customer data to mainland Europe, leading to a loss of jobs and tax revenue.
This scenario is highly likely as 53% of respondents preferred neutral and politically stable countries like Switzerland to host their data. Switzerland was followed by Iceland and Norway as suitable destinations to store sensitive personal information.
According to Meier, “while the British government was busy engaging in political debates, Switzerland focused on stability and innovation. This has paid off as we’re now seeing an increasing demand for IT infrastructure hosting and backup solutions here in Switzerland.”
It’s important to address this issue as 80% of the respondents were unsure if Brexit would have a positive or negative impact on cloud services providers. Only 4.8% of respondents believed that Brexit would have a positive impact on cloud companies.
It can also have a far-reaching effect on British businesses as only 12.5% of US customers would choose a UK-based cloud services provider after Brexit. For example, British brands with a global audience might be forced to move their data and operations out of the country to accommodate the demands of their customers. The present situation could also hinder the growth of the British cloud market in the long-term.
Even though a hard Brexit is just weeks away, no one really knows for sure what will happen after the UK leaves the EU. So even if the government fails to act, British organizations must explore the complexities surrounding data protection now to avoid potential compliance violations and loss of revenue.
* The research was conducted via an online survey with 1080 respondents from a general representative population. The respondents were made up of men and women between the ages of 18 and 65 from the United Kingdom and the United States of America.