Trick or treat? How will a Halloween Brexit affect the data industry?

Data Security


With the deadline for the UK's Brexit decision now put back to October 31, businesses might well view Halloween 2019 with terror. With data processing and storage so vital for many sectors, the question of how Brexit will affect data movement across borders is a significant one.

A Google search for the words "Brexit" and "Uncertainty" delivers more than 27 million results. On the other hand, you'll find just seven million results for "Brexit" and "Clarity" and a quick scan of those finds that they concern "lack of clarity". If there's one iron rule of Brexit it's that nobody knows anything.

There are, broadly, four possible outcomes on or before October 31. For our purposes, we can ignore two: if the process is delayed beyond October 31 or if the UK somehow decides to stay in the EU or revoke Article 50 for a longer rethink, then nothing really changes.

Deal or No Deal?

There are two relevant scenarios: A no deal Brexit or a departure with a deal. Let's start with the deal, since that is what both sides want to achieve before the new deadline.

Currently, as an EU member, the UK is subject to data regulations, such as GDPR, that have been assembled over several years. These regulations allow data transfers between the UK and the EU, and vice versa. But they also cover data moving between the EU and elsewhere. Tearing them up affects the UK's agreements with the EU but also any other country to which it might send data.

Perhaps your company stores its data in the EU, or you have customers there. In either case, you could find it difficult to process that data in the UK.

If the UK leaves with a deal, then existing regulations should continue to apply during a planned transition period. Under the original schedule, with the UK leaving at the end of March 2019, this period was due to last for 21 months - until the end of 2020. During that time, data would flow as usual, while regulations are renegotiated. In theory, businesses should then have plenty of warning of the new regulations - whatever they might be - and could plan accordingly. But there is a lot to renegotiate and it's not impossible that the transition period could be extended or that some negotiations would happen with the UK outside the EU.

In the event of a no deal Brexit, the UK Government has already confirmed that it will not restrict businesses from sending data to the EU. However, the UK cannot set regulations for data coming the other way. Much will depend on how the EU views the UK.


An adequate compromise

The UK needs "adequacy" status to show that it meets EU standards and data can continue to flow. Only a handful of countries have adequacy status, however, so it is not a given, particularly if the EU takes the view that the UK will use its departure as a chance to cut regulation, for example around data privacy.

Optimists say that securing adequacy status will take a few months, but the EU's data protection supervisor has warned that it could take years and the UK will have to join the queue behind countries that are already trying to get an adequacy decision.

In that case, businesses will face substantial disruption. Furthermore, adequacy status is unsatisfactory because it can be revoked at any time. Ideally, UK businesses would want some kind of regulatory cooperation on data, but this would take time to agree. Meanwhile, the UK would be simultaneously checking its regulatory compliance with the US and other nations with which it does a lot of business.

Taking steps

Any company that hasn't done it already needs to follow the ICO's six steps to take for leaving the EU. These include maintaining current compliance standards and conducting a thorough review of data flows and structures.

Some companies have opted to duplicate their data operations in Europe - for example in Dublin or Amsterdam - and simply treat the UK as if it is already outside the EU. This is costly and time-consuming, so it isn't an option for every company.

For companies that use third parties to store their data, it can be important to ensure that data does not cross borders or change jurisdictions. This could now be a problem with the EU, which has led to some suppliers adding the UK as a separate zone for data compliance. Box, for example, did so back in January.

Businesses like to minimise uncertainty as much as possible, which is what makes the current situation so frustrating. Unfortunately, as Google will tell you, Brexit and uncertainty go together like Halloween and pumpkins.


Written by Shane Richmond (Guest)

See Shane Richmond (Guest)'s blog

Shane Richmond is a freelance technology writer and former Technology Editor of The Daily Telegraph. You can follow him at @shanerichmond

Related blogs

UK Datacenters and Brexit: Time to Think About a Move?

The Brexit divorce has now been pushed off until at least October 31 of this year, and as with any impending separation, it creates a good deal of uncertainty for all parties involved. For datacenters, there are two key issues of concern: 1) the ability to ensure a stable and affordable supply of electricity post-Brexit; and 2) issues relating to data and privacy. Being energy-focused, we will spend more time discussing the former.

Read more


Industrial HPC Solutions: Cybersecurity

The world we live in has always had its challenges. Today, thanks in part to the data explosion as we are now firmly in the fourth, data-driven paradigm, the challenges are more complex, including how to protect and secure important data in this digital world.

Read more


Losing an ARM: Can Huawei Survive Without their Chip Design Partner?

Like a b-plot from a particularly bad Bond movie, the Huawei security scandal has been a bit of a slow burner, with the roots of the saga reaching right back to January 2019 at CES, when AT&T announced themselves as the first major partner to ditch the Chinese technology giant. The next month, the director of the FBI warned against buying their phones and by May, Huawei and ZTE phones (ZTE being another company with potential ties to the Chinese government) were banned on US military bases. In the ensuing months, established partnerships began dropping like flies.

Read more

We use cookies to ensure we give you the best experience on our website, to analyse our website traffic, and to understand where our visitors are coming from. By browsing our website, you consent to our use of cookies and other tracking technologies. Read our Privacy Policy for more information.