Member Article

Data sovereignty and its impact on your ICT

With the date for the EU referendum growing closer, a change to the laws on data sovereignty is one of the hottest topics in IT circles.

For businesses that have embraced cloud technologies and bought into the XaaS (‘Everything’ as a Service) model where IT is delivered via the internet like a utility, the implications of a Brexit are considerable.

Data sovereignty: The biggest concern is around data. A survey of public and private sector IT decision makers sponsored by VMware showed that 34% of the businesses held their data outside the country, and 76% held a certain proportion of business critical data overseas. Worryingly, only a third could be certain about where their data was held.

Data legislation: The General Data Protection Regulation comes into force across the EU in 2018 – around the same time as Brexit would come into effect following the two year exit period – and will affect UK businesses trading with those based in Europe. Changes to our data protection rules will happen whether we stay or go.

While leaving the EU would give us the freedom to create our own data protection rules, they are likely to still need to comply with the GDPR and be stringent enough to convince the European Commission and the wider world that the UK provides a safe data environment.

The Information Commissioner’s Office will need to advise businesses around the issue of data leaving the UK. Opinion is divided on whether there will be a new ‘Safe Harbour’ style of agreement put in place, or whether the UK could be classified as similar to Canada, which has just negotiated a trade agreement with the EU which adds them to the Commission’s list of safe countries. This in itself is problematic as the draft Communications Data Bill could be regarded as a workaround to EU-strength data protection laws.

If we find ourselves outside the EU, businesses with data held overseas could face having to transfer their data back to the UK. Many people are unaware that it is not prohibitive or difficult to get to that point, and most of our clients make an informed choice to store their data in our UK owned and managed data centres.

Staff and skills: A vote for Brexit could mean our borders closed and EU residents no longer able to come to the UK to find work. Would we see workers and their families being forced to repatriate? A lot of UK-companies employ EU staff in their IT teams and we could see entire organisations deciding to relocate from the UK. None of this bodes well for fixing the skills gap across the IT industry and will do little to reinforce our reputation as digital leaders.

Cost: another potential problem for businesses is one of pricing and harmonisation. We could see the imposition of import and export tariffs, increasing costs and making it more expensive to do business with European clients. Many of the large American suppliers such as Cisco and Microsoft also have separate UK and EU businesses, however all this may change if the Brexit campaigners succeed.

Whether it is data sovereignty, pricing, staff or any other aspect of ICT, a Brexit vote could spell problems for IT managers.

While it is difficult to plan for an event which may not happen and would involve a two-year negotiation and implementation process if it did, this is an issue with serious implications, and one that your CIO or IT manager needs to be raising at board level now.

If you need help from a data security expert certified to ISO27001, give us a call.

This was posted in Bdaily's Members' News section by ITPS Ltd .