How will Brexit affect UK data sovereignty?

How will Brexit affect UK data sovereignty?

10 March 2017

The United Kingdom is leaving the EU; that much is certain. Since the 2016 EU referendum, the technology industry has already seen elements of change as organisations start to prepare for Data D Day. One of the key questions UK businesses are now starting to ask is whether their data hosted in the EU will still adhere to data sovereignty rulings under the GDPR.

We talked to Mark Hohenberg, manager of Hosting Techniques Limited (HTL), a hosting solutions provider based solely in the United Kingdom, and sister company to Prodec Networks. Here’s his take on data sovereignty, and how it could affect businesses with data stored outside the UK.

What is data sovereignty, and why is it important?

Data sovereignty is the concept that data stored in a specific country needs to comply with the laws of said country.

Whilst this concept seems simple enough, a number of sub-laws and agreements between countries make the legal storage of data in different locations around the world far more complicated. For example, countries such as Russia have localisation laws, which state data pertaining to Russian citizens should be stored in Russia.

These added complications can decrease the flexibility of the cloud, and with “Brexit” offering opportunities for the UK to create new data sovereignty laws, it’s important that businesses prepare in advance to avoid being potentially caught out.

Sovereignty of data is of great importance to all businesses, primarily because the laws governing access rights differ greatly from country to country. A good example of this is the United States where access to data held in country, even if stored by an international business, can be freely gained by federal agencies through their Patriot Act.

Mark Hohenberg, Sales Manager

What could Brexit mean for data legislation in the UK?

The European Union has a number of data protection rulings that apply to all countries in the EU. These directives mean that there is essentially a free movement of data between countries in the EU, something that the UK will potentially no longer be privy to. Current EU legislation on data protection states that “special precautions need to be taken when personal data is transferred to countries outside the European Economic Area that do not provide EU-standard data protection”.

UK data legislation could change too, as laws previously controlled by the EU may soon be invalid in the UK once Article 50 is invoked. This gap in regulation will need to be clarified with new legal stature that will highlight how UK-data can be legally stored, and more importantly where. As UK data sovereignty laws are written, businesses need to be ready to deal with any potential repercussions.

There are also potential security risks following Brexit. Mark believes that “with the well-publicised and impending change of status for the UK within the European Union, there is concern that the rights protecting UK businesses’ data when stored within the EEC will be significantly compromised, decreasing overall security and giving greater potential for loss of Intellectual Property (IP) or system hacking.”

What can businesses do to prepare for new data legislations post-Brexit?

The safest thing for businesses that have data stored on the continent is to simply migrate it to UK-based data centres that are owned or managed by UK-based companies. This ensures data stored in these data centres are subject to UK data sovereignty directives, and therefore avoids any risk that may occur if a business decides to keep their data in a country based in the EU. Of course, this only applies if the data you store relates to UK citizens and businesses. If your data is multinational, moving to the UK could cause additional complexity.

Whilst most large cloud providers hold “local” primary storage facilities for UK businesses in Dublin and Amsterdam, the approach taken by HTL differs. HTL data centre facilities are housed exclusively within the UK. Therefore, client data will remain unaffected by the change in European status, ensuring that all UK HTL customers retain the full protection of the British Government and its stringent data sovereignty laws.

Mark Hohenberg

Do you host data in the EU, or are you worried that your data might be affected by Brexit? Learn what the GDPR means for your business and how the cloud can help by reading the Prodec Networks GDPR Survival Guide.

The GDPR Survival Guide

It's time to get practical and prepare for the GDPR. Are you data compliant?

Download The Guide

Related Content