Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Why Brexit could cause data privacy headaches for US companies

Brandon Butler | June 29, 2016
With the UK leaving the EU, data privacy laws could become more disjointed across Europe

brexit

The impact of the United Kingdom vote to withdraw from the European Union could have far-reaching consequences for international companies, which may need to rethink their data management policies.

“As a part of the European Union, there is a general directive that all nations abide by a guide,” says Geeman Yip, CEO of cloud consultancy BitTitan. “Now that the UK is not a part of the EU, the previous baseline directives that were adopted will change.”

Said another way: When the UK is part of the EU it has the same data sovereignty laws as other countries in the EU. When the UK breaks away, those laws could change. Companies operating in Europe may have to manage one set of data privacy laws for the UK and another for EU-member countries. The issue will impact both cloud and managed service providers who may need to offer additional options for customers to host data across Europe, and enterprise end users who may need to reconsider where their data is stored in Europe.

It’s all too early to tell exactly what the impact will be, but experts encourage enterprises that operate across Europe to monitor the situation closely.

Safe Harbor issues resurface

Another issue dates back to last year when the European Court of Justice sent shock waves across the world by ruling that the US-EU Safe Harbor Agreement was invalid. In response to that, the EU created the General Data Protection Regulation (GDPR), which is expected to be the common standard across the EU for data privacy laws. Now that the UK is exiting the EU, it’s unclear if the country will adopt GDPR standards as well, or have its own. “I anticipate (the UK will) structure their privacy and regulatory laws in a fashion similar to the EU,” Yip says.

The UK’s central role in U.S. companies’ international operations makes this an important issue. Many large U.S. cloud technology vendors have data centers in the UK that act as hubs for Europe, says Dana Simberkoff, compliance and risk officer at SaaS consultancy AvePoint. Depending on how the GDPR rules shake out, it could push companies to expand their data footprint into other EU-member countries. “From a business perspective, Brexit may impact the development of new data centers in the U.K. as cloud providers may choose to pause those plans until the U.K. plans are made clear,” Simberkoff wrote in an email.

Brexit may impact the development of new data centers in the U.K. as cloud providers may choose to pause those plans until the U.K. plans are made clear.

Dana Simberkoff, compliance and risk officer at SaaS consultancy AvePoint

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.