When it was introduced, a lot of companies spent time and money making sure they were GDPR compliant, and since then they might have considered that as enough to make sure their data storage was compliant with any necessary laws. However, on the 9th January 2018 the European Commission published a notice to stakeholders confirming that, post-Brexit, the UK will become a “third country”. With Brexit finally coming into effect at the end of 2020, you need to make sure you know where your data is, and potentially take steps to prevent disruption post Brexit.
What issues will UK companies face?
Brexit will impact personal data transfers from the EU to the UK. The UK’s “adequacy” for EU Data Protection law purposes is not an automatic right and is a matter for decision by the European Commission. This means that if the UK isn't granted adequacy, it will be up to individual companies to make sure they are compliant with UK and EU data laws if they plan to transfer between the two.
Will the UK be granted adequacy status?
It's hard to predict how negotiations will go, but even if adequacy is not granted, there are other mechanisms for British firms to pursue to keep data flowing, but these aren’t going to be as simple as adequacy being granted.
There are a lot of reasons to think adequacy wouldn’t be a problem: the UK will be GDPR compliant at the point of Brexit and the ICO is well funded and run. However, there have been sticking points, such as the Investigatory Powers Act (IPA) which was deemed in breach of EU data protection law by the European Court of Justice (ECJ) in 2016. While the government has subsequently tweaked the IPA, it’s not clear whether those changes would stand up to a second round of scrutiny from the ECJ.
What should UK companies do?
Whilst it is unlikely, there is the possibility of UK companies being caught out on January 1st 2021 if the country ends up with a no-deal or Hard Brexit. Most companies that use cloud services (SaaS, IaaS etc) are not aware of where their data is physically being stored and this is something they should look into in the run up to Brexit. 4D Data Centres has written an in-depth Whitepaper on this subject called “The Cloud on the Ground” which can be downloaded by clicking below.