The vote to leave the recent EU referendum has left shockwaves throughout the nation, with many huge corporations left disappointed and wondering what will happen.
Amid the confusions and shock however, they may be a small corner of Britain’s corporate world that are actually breathing a sigh of relief; they cyber-security departments within the UK’s biggest companies.
The vast majority of workers within the technology sector were avid remain voters, due to many factors; such as concerns over immigration; many of the engineers working within British start-up businesses for example are EU nationals, and a Brexit vote could leave questions looming over how it would affect their access to European customers.
Brexit raises another issue for workers within the technology sector however; what will it mean for the future of how our data is governed?
In recent years, the EU has implemented a huge new element of law on data, known as the ‘General Data Protection Regulation’, due to come into force very soon. The new law has been designed to replace the disparate collection of national data regimes, and it is set to enforce new, strict rules, giving new powers to regulators of data. What this new law means is that businesses will have to obtain clear consent before they are able to process citizens’ information, they will also have to disclose when there has been a data breach within a certain time period or face fines up to 5 per cent of their global revenues.
The new law has already faced criticism for being too strict, but was set to be adopted wholeheartedly, despite the fact that becoming compliant would mean investing large amounts of time and investment, in a period within which budgets are squeezed.
The Brexit vote has therefore thrown a spanner into the works, and means that the future of data protection and privacy has become unclear and uncertain in the UK. Many companies that deal with the EU will still have to abide by the new upcoming legislations, at least when they are dealing with customers based in the EU. But for others, the future has become unclear.
Those technology companies who are currently strapped for cash however will be breathing a sigh of relief, as they hope that Brexit could well mean spending less time and money on IT, and result in fewer restrictions on protecting their customer’s personal information.
One cyber security consultant for example, claimed that companies were expecting to have to pay out between 5-10 times what it cost to patch the Y2K bug – which cost hundreds of billions worldwide – to comply with the new laws.
Some companies decided to put their spending decisions on hold, until the EU referendum results had been announced, and now they may not even have to spend it at all.
While the decision may be that the UK decides to take on the EU privacy laws anyway, in order to stay compliant with the single market rules and regulations, the vote to leave does represent a fresh opportunity for the UK to tweak the rules. Countries outside the EU that want data to flow freely across borders without complicated arrangements must convince Brussels that its privacy laws are up to scratch.
Last week for example, the ICO said that the GDPR, or something very similar to it, will have to be applied “if the UK wants to trade with the single market on equal terms”, suggesting it will push the Government to stick close to Europe.
But if the UK opted to overhaul all data protection laws, a chasm could infact be opened up between the UK and the EU on data.
However, if the UK decided to liberalise the, it could have its upsides. Less belt-tightening laws on data protection could encourage more investment into other areas such as artificial intelligence, an area in which Britain excels within, as shown by the many acquisitions of home-grown AI businesses by the likes of Google. Other benefits could be that we would be able to introduce our own systems of pay curbs for executives within companies that fail to protect their customer’s data – potentially a more effective incentive.
An independent Britain, beginning to figure out its own data regulations, could find it even more difficult to agree a data pact with a wounded Europe.
Any failure could produce a headache for any British company doing business on the continent, especially for those employing people abroad. UK investment in areas such as data centres, as announced by Microsoft and Amazon, could be affected.
With cyber attacks on the rise, corporate IT defences creaking and the growing importance of technology to the economy, it is an unfortunate time to be questioning the future of our data laws. Whatever our politicians negotiate, they should act to ensure that information transferred across the Channel is not interrupted, sooner rather than later.
If you are looking for IT solutions, including data destruction, data recovery and more, XPO IT Services Ltd can offer you a trustworthy and secure solution. With over 10 years of experience, our secure Data Destruction meet the standards laid out by bodies such as CESG and Ministry of Defence, whilst our ISO 27001 accreditation ensures we comply with the Secure Destruction of Confidential Materials BS EN 15713:2009 code of practice.