On 23rd June the UK voted to leave the European Union. Consequently, trade regulations and relationships between the UK and the EU will be changing. Companies in all sectors will be affected, including iPushPull. As a provider of live data sharing to businesses in multiple sectors across Europe, continued compliance with European data protection regulation is critical for us and our customers.
EU General Data Protection Regulation
Over the last 3 years, the European Commission has been working on the General Data Protection Regulation (GDPR). This is a new set of policies governing how companies should process and store personal data. The policy applies to cloud services (like iPushPull) and the cloud platforms which host them, like AWS and Microsoft Azure. The new regulation will apply to companies in all European member states from 2018. However, companies outside the EU that wish to trade within the EU will still have to comply:
The need in the UK to comply with the EU’s GDPR will remain the same, as we can expect UK businesses to continue handling EU citizen data.
Failure to comply could lead to UK companies facing the same kind of legal challenges and potential penalties as US companies did following the breakdown of the Safe Harbour agreement last year.
The “Safe Harbour”agreement was developed to allow US companies to move data between Europe and the US without having to fully comply with EU regulation. As long as companies hosting data in the US self-certified that they observed certain rules, they did not have to comply with the EU Data Protection Directive (the forerunner of GDPR). Last summer, a legal challenge invalidated the safe harbour agreement. The subsequent Privacy Shield Agreement provides stronger obligations on US companies, including giants like Facebook, Google and Microsoft, to protect the data of EU citizens. The US Government will also be obliged to impose stronger monitoring and enforcement on US companies.
To comply or not comply with GDPR?
It is, as yet, unclear whether the UK will implement GDPR when it leaves the EU. However, any decision to implement separate UK data processing regulations will cause problems as well as opportunities, as the Financial Times reports (Paywall):
A divergence of UK and EU data rules could make it harder for UK-based companies to transfer data across borders.
Creating smaller infrastructures could also make it difficult for European companies to compete with the US and China on a global scale. If the UK were to implement the same regulations as the EU and incorporate GDPR into national policies, an ease of data flow would lessen the workload for businesses.
A need for clarity
Irrespective of the industry or market sector they operate in, companies need clarity on the regulations they will have to comply with. The two year timetable for Brexit will pass quickly, and companies will need time to incorporate regulatory and compliance changes into their services and processes. At iPushPull we will continue to apply the highest industry standards to the protection of our customers’ data and we will be ready, regardless of the eventual decision.