Global Firms Could Pull Data Out of Post-Brexit UK

Global Firms Could Pull Data Out of Post-Brexit UK

Data sovereignty is set to become an even more important issue for IT professionals as the UK negotiates its way out of the EU in the shadow of the GDPR, according to consultancy CNS Group.

The firm polled over 200 attendees at the Infosecurity Europe show in London last month and found 92% thought it “very” or “fairly” important that data is stored, accessed and backed up in the UK.

However, disappointingly, only a quarter (27%) claimed they were “very certain” this is the case.

Still, the forthcoming major changes to Europe’s data protection laws in the form of the EU GDPR is likely to focus minds on the issue, according to CNS Group CEO, Shannon Simpson.

She claimed that, irrespective of size, UK organizations will have to know where their data is stored and managed, and even post-Brexit they’ll still have to comply with the GDPR if they want to trade with the bloc, which will mean paying closer attention to such matters.

Specifically, they’ll need to know where data is stored and backed-up; who has access to it; and how it’s encrypted, CNS Group argued.

The spectre of Brexit is likely to create “clearer lines of data sovereignty,” with UK firms keeping data in the UK and EU and global firms keeping it in EU countries, according to Simpson.

“For British firms the weaker pound will make off-shoring costs more expensive. Depending on the data they hold – i.e. if its only UK citizen data and not that of European citizens – they may wish to ensure their data is in the UK to avoid additional EU regulation,” Simpson told Infosecurity.

“The new GDPR means that there will be more stringent data transference rules to moving EU data out of the EU, hence to the UK. The cost of this additional regulation, audit and scrutiny may be enough to convince firms that keeping the data in Europe is more cost effective.”

Simpson’s comments echo those of legal and data security experts, who have warned in the past that if the UK fully exits Europe and fails to create a legal framework mirroring that of the GDPR then its digital economy could be decimated. 

Source: Information Security Magazine