Why Brexit could cause data privacy headaches for US companies

28.06.2016
The impact of the United Kingdom vote to withdraw from the European Union could have far-reaching consequences for international companies, which may need to rethink their data management policies.

“As a part of the European Union, there is a general directive that all nations abide by a guide,” says Geeman Yip, CEO of cloud consultancy BitTitan. “Now that the UK is not a part of the EU, the previous baseline directives that were adopted will change.”

Said another way: When the UK is part of the EU it has the same data sovereignty laws as other countries in the EU. When the UK breaks away, those laws could change. Companies operating in Europe may have to manage one set of data privacy laws for the UK and another for EU-member countries. The issue will impact both cloud and managed service providers who may need to offer additional options for customers to host data across Europe, and enterprise end users who may need to reconsider where their data is stored in Europe.

It’s all too early to tell exactly what the impact will be, but experts encourage enterprises that operate across Europe to monitor the situation closely.

Another issue dates back to last year when the European Court of Justice sent shock waves across the world by ruling that the US-EU Safe Harbor Agreement was invalid. In response to that, the EU created the General Data Protection Regulation (GDPR), which is expected to be the common standard across the EU for data privacy laws. Now that the UK is exiting the EU, it’s unclear if the country will adopt GDPR standards as well, or have its own. “I anticipate (the UK will) structure their privacy and regulatory laws in a fashion similar to the EU,” Yip says.

The UK’s central role in U.S. companies’ international operations makes this an important issue. Many large U.S. cloud technology vendors have data centers in the UK that act as hubs for Europe, says Dana Simberkoff, compliance and risk officer at SaaS consultancy AvePoint. Depending on how the GDPR rules shake out, it could push companies to expand their data footprint into other EU-member countries. “From a business perspective, Brexit may impact the development of new data centers in the U.K. as cloud providers may choose to pause those plans until the U.K. plans are made clear,” Simberkoff wrote in an email.

Dana Simberkoff, compliance and risk officer at SaaS consultancy AvePoint

Doug Loewe, the vice president of international sales for Interxion, a company that offers data center and collocation space across Europe, says expanding beyond the UK and into Europe isn’t necessarily a bad thing for companies with international footprints. “Brexit has put a bright spotlight on the need to look at where your data sits, both for data privacy and performance,” noting that having data situated closer to end users decreases latency.

Research firm Gartner expects Brexit will cause some trepidation in the IT market as these data privacy issues are sorted out. “Now many new long-term strategic projects will be put on pause and likely not restarted until 2017,” the research firm noted.

Yip, with BitTitan, is more optimistic. “Bottom line – the UK is the most stable country in EMEA in which to do business,” he notes. “This is the UK’s opportunity to blaze their own trail in the cloud, away from the EU and arguably in a manner more favorable to tech companies looking to innovate while operating under its governing umbrella. In a few years, the EU might be reworking their own regulations to abide by the standards established in the UK.”

(www.networkworld.com)

Brandon Butler