Trick or treat? How will a Halloween Brexit affect the data industry?

Data Security


With the deadline for the UK's Brexit decision now put back to October 31, businesses might well view Halloween 2019 with terror. With data processing and storage so vital for many sectors, the question of how Brexit will affect data movement across borders is a significant one.

A Google search for the words "Brexit" and "Uncertainty" delivers more than 27 million results. On the other hand, you'll find just seven million results for "Brexit" and "Clarity" and a quick scan of those finds that they concern "lack of clarity". If there's one iron rule of Brexit it's that nobody knows anything.

There are, broadly, four possible outcomes on or before October 31. For our purposes, we can ignore two: if the process is delayed beyond October 31 or if the UK somehow decides to stay in the EU or revoke Article 50 for a longer rethink, then nothing really changes.

Deal or No Deal?

There are two relevant scenarios: A no deal Brexit or a departure with a deal. Let's start with the deal, since that is what both sides want to achieve before the new deadline.

Currently, as an EU member, the UK is subject to data regulations, such as GDPR, that have been assembled over several years. These regulations allow data transfers between the UK and the EU, and vice versa. But they also cover data moving between the EU and elsewhere. Tearing them up affects the UK's agreements with the EU but also any other country to which it might send data.

Perhaps your company stores its data in the EU, or you have customers there. In either case, you could find it difficult to process that data in the UK.

If the UK leaves with a deal, then existing regulations should continue to apply during a planned transition period. Under the original schedule, with the UK leaving at the end of March 2019, this period was due to last for 21 months - until the end of 2020. During that time, data would flow as usual, while regulations are renegotiated. In theory, businesses should then have plenty of warning of the new regulations - whatever they might be - and could plan accordingly. But there is a lot to renegotiate and it's not impossible that the transition period could be extended or that some negotiations would happen with the UK outside the EU.

In the event of a no deal Brexit, the UK Government has already confirmed that it will not restrict businesses from sending data to the EU. However, the UK cannot set regulations for data coming the other way. Much will depend on how the EU views the UK.


An adequate compromise

The UK needs "adequacy" status to show that it meets EU standards and data can continue to flow. Only a handful of countries have adequacy status, however, so it is not a given, particularly if the EU takes the view that the UK will use its departure as a chance to cut regulation, for example around data privacy.

Optimists say that securing adequacy status will take a few months, but the EU's data protection supervisor has warned that it could take years and the UK will have to join the queue behind countries that are already trying to get an adequacy decision.

In that case, businesses will face substantial disruption. Furthermore, adequacy status is unsatisfactory because it can be revoked at any time. Ideally, UK businesses would want some kind of regulatory cooperation on data, but this would take time to agree. Meanwhile, the UK would be simultaneously checking its regulatory compliance with the US and other nations with which it does a lot of business.

Taking steps

Any company that hasn't done it already needs to follow the ICO's six steps to take for leaving the EU. These include maintaining current compliance standards and conducting a thorough review of data flows and structures.

Some companies have opted to duplicate their data operations in Europe - for example in Dublin or Amsterdam - and simply treat the UK as if it is already outside the EU. This is costly and time-consuming, so it isn't an option for every company.

For companies that use third parties to store their data, it can be important to ensure that data does not cross borders or change jurisdictions. This could now be a problem with the EU, which has led to some suppliers adding the UK as a separate zone for data compliance. Box, for example, did so back in January.

Businesses like to minimise uncertainty as much as possible, which is what makes the current situation so frustrating. Unfortunately, as Google will tell you, Brexit and uncertainty go together like Halloween and pumpkins.


Written by Shane Richmond (Guest)

See Shane Richmond (Guest)'s blog

Shane Richmond is a freelance technology writer and former Technology Editor of The Daily Telegraph. You can follow him at @shanerichmond

Related blogs

Industrial HPC Solutions: Data Analytics

How data is collected and analysed is changing at exponential rates. In industry — and I know this from talking and consulting with hundreds of companies — so much data is being collected that many companies are either confused with, or overwhelmed by, all of the ways to leverage and analyse their data.

Read more


AI Events - Rumours from the trade show floor

After of a couple of weeks sunning and sailplane racing in Florida it was straight back into the saddle for a London-based Quarterly Business Review and the excellent “Rise of AI” event in Berlin. Following a year of attending various international AI events I’m starting to develop a feel for their differing textures and here is my current evaluation.

Read more


Neural network banter – Rumours from the trade show floor

Many great adventures start with naivety, sadly this blog was one of them. My intention was to provide a high-level overview of the advancements in Deep Neural Networks (DNN training) techniques during the last few years. Unfortunately, I struggle to pontificate about something I don’t comprehend well, so starting with the popular Convolutional Neural Networks I rapidly discovered a multitude of its variants. No worries, how hard can it be to research each new term/concept related to Coder/Decoder networks?

Read more

We use cookies to ensure we give you the best experience on our website, to analyse our website traffic, and to understand where our visitors are coming from. By browsing our website, you consent to our use of cookies and other tracking technologies. Read our Privacy Policy for more information.