TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | Notes from the IAPP Europe Managing Director, August 26, 2016 Related reading: Global News Roundup: April 12–19, 2021



Greetings from Brussels!

Alas, as we near the end of August, one notices the uptake in traffic and increased bustle in the European quarter as folks return from holidays and start to focus on the run into the end of 2016. It’s been a balmy warm week here across Europe, and the calm, almost tranquil, pace of the last weeks here in Brussels is set to revert back to normalcy.

Like a lot of people, I have been scrutinizing the media outpour in the hope that we might get a clearer understanding of how Brexit is going to unfold. It is now eight to nine weeks since the U.K. voted — albeit by a slim majority — to leave the European Union. New PM Theresa May, known for her cold, pragmatic approach to politics, has tasked the "three ministerial musketeers" of Boris Johnston (Foreign Office), Liam Fox (Trade), and David Davis (Department for Brexit) with the arduous task of extracting the U.K. from EU membership as painlessly as possible; a three-way relationship which is already throwing up challenges and questions over negotiations oversight. 

If the media is anything to go by, preparations are still largely underway with many trade experts as well as private sector consultants still to be hired across key departments and the national civil service. Some of the projected administrative costs associated with the Brexit operations across the civil service are estimated in the billions of pounds. Some forecast that the U.K. government might not be ready with their exit strategy and trigger Article 50 before autumn of next year.

Clearly, the promise of Brexit is a very different beast in the cold light of day; although, frankly speaking, I don’t believe this was ever in doubt. A big question I have been pondering from the business perspective is how dramatically a post-Brexit U.K. regulatory environment might affect businesses providing cloud services, data hosting (server farms), or data storage operations from the U.K. The U.K. is and will remain an 80 percent services-oriented economy, servicing a significant EU base of clients either directly or through supply chains. Moreover, the U.K. is a dominant player in the digital space, along with Germany, France, and the Netherlands providing almost43 percent of data-center capacity in Europe according to TECH UK. Take one example, and think of the European data traffic that is U.S. bound — onward transfer — via the U.K. infrastructure. Arguably, the advantages companies saw in having data transfers to the U.S. launch from the U.K., with its perceived business-friendly, more liberal privacy compliance requirements may now be surpassed by the lack of assured status of the country in relation to the new GDPR framework. Furthermore, contrary to some popular opinion, moving server infrastructure to an EU-compliant location is not a simple process and would prove very costly.  If alternative EU server locations were the best viable option from a business sense, the main threat would probably lie with the U.K.-based SMEs and start-ups, as identifying alternative data strategies would prove impactful.

Understandably so, the new government hasn’t said yet whether it will apply the new package of GDPR measures. Compliance work takes time, and the earlier you know the requirements the better for any eventual transition. The limbo now facing U.K. business is certainly not ideal for a whole host of reasons. Whatever the outcome for data protection issues, one would hope that the U.K. does not move too far away from a GDPR-style model. The ICO has also cautioned against this, suggesting that U.K. data protection law should be as consistent as possible with EU standards. Business positions will largely be of a similar voice, with an emphasis on as little market disruption as possible.


If you want to comment on this post, you need to login.