Data sovereignty is one of the biggest challenges facing businesses post-Brexit. Business leaders are well aware of its importance and are concerned about the threat of a “data cliff edge” when the UK and EU divorce is complete.
Without a clear sense of what regulations and compliance requirements will be in place in less than two years’ time, UK businesses are attempting to figure out how to best protect their data, prevent business disruptions, and avoid costly mistakes. The ambiguity surrounding Brexit is producing more questions than answers, including: Where should UK businesses store their data? Should they move all of their data centres into the UK? How does the ownership of data centres impact data privacy? What threats exist by having data inside or outside the UK when Brexit is complete?
For business leaders, the lack of answers and a fear of the unknown is a source of frustration. But in this period of uncertainty, intelligent business leaders can navigate Brexit by transforming it into an opportunity, rather than a hindrance.
For UK-based organisations with data storage and private cloud services, the location of data is concerning. Ensuring security and control over your own data is key, but at the same time, complying with unknown future regulations and laws about privacy and data transfer is also a must.
As a starting point, adherence to the upcoming General Data Protection Regulation (GDPR) will be required when it goes into effect on 25 May 2018, as the UK will still be part of the EU. According to the UK’s Information Commissioner’s Office (ICO) – an independent authority that works to uphold information rights and data privacy rights for individuals – the UK government confirmed that leaving the EU does not impact the adoption of the GDPR. However, what will happen in 2019 when the UK and EU separate is anyone’s guess, but ICO’s advice is sound: prepare to meet the GDPR regulations next year and moving forward.
Of note, the GDPR doesn’t dictate where businesses keep their data. It only requires that EU organisations must store their data within the EU and make it inaccessible from outside the EU unless by a GDPR-compliant organisation. How that mandate impacts the UK has yet to be seen since the UK was part of the EU when the regulation was drafted, and it’s unclear if the UK will be GDPR-compliant when all’s said and done.
From a global perspective, the UK will also need to figure out how data exchange and cross-border data flow will be regulated. The free flow of data is important to business and innovation, which means the UK will need agreements like the EU-U.S. Privacy Shield, which allows for the exchange of personal data for commercial purposes. Without such frameworks, the often used example is that airplanes don’t fly because passenger data can’t be shared. Whether the UK can piggyback on agreements like the Privacy Shield or will need to create new understandings with countries like the U.S. is, again, something that only time will tell.
Today, data centres can be in both the UK or the EU because the free flow of data is a given, and the UK falls under the same protections and regulations as the EU. However, in two years’ time, many speculate that UK customers will need to be served by a UK-based data centre, just as European customers need a EU data centre. While there are no guarantees, the safe money is on this requirement.
What’s also not clear is whether this situation will encourage data centre providers to consider moving operations out of the UK to focus more on the continent, or if they will double down on both locations. Best guess: providers will tend towards the latter and Amazon Web Services (AWS) is an example of this. Even after the Brexit vote, Amazon held true to its word and opened its first AWS data centre in London at the end of last year, illustrating both its commitment to serving the UK, as well as business savviness.
Automating IT operations and adopting a cloud-based strategy might be the first steps towards tackling the unanswered questions surrounding Brexit and turning it into an advantage. Now is the perfect time to recognise the benefits of replacing expensive on-premise enterprise hardware and software with a move to the public cloud. Not only is it the lower cost option, but in this political climate, cloud providers like AWS, Microsoft Azure, and Google Cloud Platform (GCP) insulate companies from the management and maintenance of data centres.
While some businesses may be concerned about the rising rates of public cloud providers, their price adjustments appear to be tied to the Sterling’s drop in relative value. Even with modest increases, the price tag of some providers like AWS are still much lower than the costs associated with running data centres and private clouds on-premise, especially when maintenance costs are factored in. Taking this conversation one step further, how can Brexit be seen as an opportunity for companies to transform how they do business?
Organisations collect all kinds of data, but only a handful of them use effective data analytics that fuel data-driven business decisions. In fact, few companies do more than store their data because they lack the tools and resources to access their data in a seamless manner or because it’s expensive to run queries. Without a data warehouse built for the cloud, this process is challenging at best, and that means the true value of data is being lost.
Ironically, Brexit offers the opportunity to change that because organisations are being forced to reassess their IT operations and look at alternative, lower-cost methods for storing data. By moving to a public cloud and utilising a data warehouse built for the cloud, businesses can remove limits and constraints on data and make it accessible for decision making. Brexit serves as a catalyst to become a data-driven organisation, utilising data instead of storing it for a rainy day. After all, the forecast for the Brussels negotiations appears to be quite stormy.