Brexit: What does it mean for your data protection?

Prior to the referendum, it was expected that the UK would have to comply with the European General Data Protection Regulation (GDPR) which would come into effect in 2018. Now the UK's need to comply with this regulation is unclear. Here's what you need to know.

Thursday 23rd June 2016 marked a significant day for the UK. As the majority of the public voted to leave the European Union, there has been a lot of uncertainty around the future of the UK and the direction we would be taking following the EU referendum.

With the ongoing political turmoil in the UK, it could be months or years before the British government invokes Article 50, should they decide to do so, followed by a further two years of negotiations.

This uncertainty over the future direction of the UK has the potential of causing paralysis with regards to the strategic planning within certain facets of organisations, particularly those that require long-term investments such as those within the IT sector.

One aspect that has, and will continue, to be heavily impacted by Brexit, is that of data protection and data sovereignty legislation.

With the adoption of online data backup and other cloud technologies becoming more commonplace, the UK government’s stance on data sovereignty will play a key role in the decision making of IT leaders.

Does the UK still need to comply with the EU’s GDPR?

Prior to the referendum, it was expected that the UK would have to comply with the European General Data Protection Regulation (GDPR) which would come into effect in 2018.

Following the vote on the 23rd June, the UK’s need to comply with this regulation is now left unclear.

The country may decide to implement their own data protection laws, or may still choose to adopt the GDPR.

Either way, organisations will need to consider this when deciding which cloud service providers to partner with.

With no clarity at this stage as to which direction the UK will go, organisations should bear in mind that if the UK as a whole wishes to work with the EU single market on an equal footing, then the UK will require data protection legislation that offers equivalent protection to that of the EU.

On this basis, it’s safe to assume that UK legislation will closely mirror that of the EU’s GDPR.

Choosing the right backup service provider

Choosing the right backup provider at such an uncertain time will minimise the level of stress felt by your organisation.

The right provider will be able to ensure you of the next steps you should be taking when it comes to protecting your data to remain compliant with any regulations that come into effect.

An assuring indication that a provider takes procedures and security seriously will be if they are ISO 27001 and 9001 certified.

There are a growing number of companies who refuse to work with cloud service providers who are not ISO certified. Furthermore, the ISO certifications are evidence of the provider’s attitudes towards the management and security of their platform, meaning you can rest assured you are working with a reputable provider.

In addition, some businesses are already subject to industry legislation which prevents them from storing their data outside of Europe, others are legally obliged to store data within the UK’s borders and for others it doesn’t matter.

However, for any business looking to adopt cloud backup, it is important to understand the location of the provider’s data centre.

This is particularly true with the current state of uncertainty amongst business leaders who remain in the dark on how Brexit will impact data protection.

Paul Evans is the managing director of Redstor.

Praseeda Nair

Praseeda Nair

Praseeda was Editor for from 2016 to 2018.

Related Topics