With Brexit being delayed until October and no final agreement on a ‘deal’, the economic landscape remains uncertain. Andy Bevan, cloud sales specialist at Pulsant, discusses why although wider issues of trade, skills and legal matters may be out of an organisation’s control, businesses need to focus on elements they can take charge of such as IT and data.
Data represents close to £240 billion for the UK economy and, perhaps more importantly, 10% of the world’s data moves through the UK. In light of Brexit, with data jurisdictions changing, it is paramount for all businesses to be prepared and have a plan in motion.
But where to start? An important element of the managing, storing and transferring of data is compliance with legislation. One of the most important changes to data privacy and protection law took place last year in the form of the General Data Protection Regulation (GDPR).
Looking at how this relates to Brexit, GDPR is an EU regulation, but its principles are sound. However, if a business imports goods from the EU, there are likely to be changes in the way data is stored, transacted and processed. For example, data relating to VAT and shipping costs, customs duty, tax reporting, invoicing and supplier data may all require processing differently.
The European Commission has already made provisions for countries outside the European Economic Area in terms of data privacy. This data adequacy enables companies to conduct cross-border transfers while complying with EU data protection rules.
This is an important step which is needed for the UK, especially in light of the changes to the data agreements between the US and EU. The Privacy Shield pact between the US and EU enables companies to conduct cross-border transfers while complying with EU data protection rules. The pact replaced the Safe Harbour Privacy Principles which allowed companies to transfer the personal data of EU citizens to the US, ultimately deemed invalid by the European Court of Justice.
As a result, if a business transfers data between the UK and the EU, it will need to ensure that measures confirming data adequacy are in place. In addition to amendments to business processes, ensuring that the means to store, process and evidence best-practice data handling within your IT infrastructure and applications is key to compliance. Again, this ties back to GDPR; many of the steps and best practices are the same.
Until a final Brexit plan is agreed, it remains difficult for organisations to put solid plans in place regarding their data. Nonetheless, it seems likely that even in a no deal situation – given the value of reciprocal trade – the UK would be granted third country status under the data adequacy arrangements, meaning that data could still be transferred between the UK and the EU.
Looking to the advice of other industry bodies, such as chambers of commerce and research bodies, it is clear that the impact of Brexit will be felt long after the separation. Therefore, businesses should focus on the elements they can control, increasing their agility and flexibility to be prepared for any eventuality.
How can hybrid cloud help?
Using a hybrid hosting environment is one way to achieve this. If a business has a strategy in place that allows it to consume cloud services which are integrated with existing on-premises services and traditionally hosted environments, then it already has the flexibility in place to deal with change.
This doesn’t mean that businesses have to move everything to the cloud, but it provides a way to plan ahead, as well as a potential exit route, should it be needed — that is, moving data and applications into the cloud. It can also help with both mitigation of supply chain issues and resourcing through reduction in staffing requirements if these become issues moving forward.
What next?
Currently, this is a question with no answer. However, businesses still need to be prepared. This means engaging with stakeholders and staff, including IT partners to ensure a business is compliant and secure, regardless of the Brexit outcome.
It is imperative to understand where data is held, stored and transacted. Working with the right partner can also help to alleviate some of this burden around compliance and help to achieve the business agility needed to be competitive within the post-Brexit environment.
