CIO & CDOs: How Does Brexit Impact Your Data Management Strategy?

By now I’m sure you’ve had more than your fill of Brexit analysis, memes, and even a tie-in to the England National team’s exit from Euro 2016 tournament.

It's been well documented that the vote doesn't mean that the UK is leaving the EU tomorrow. Some speculate it could take until 2020 before any action is taken. But companies across the globe do need to plan for that eventuality, and one key area is ensuring that they remain agile with their data management, and privacy protection strategies.

A major analyst firm wasted no time in issuing a research note titled “CIOs Must Act to Prepare for Changes Triggered by Brexit”. The note covered a wide variety of areas from cost optimization, people and talent through to governance and operating model changes.

Businesses in Europe will see a stall in IT spending as a result of the U.K. vote to leave the European Union. CIOs need to provide frequent, open communication and create a task force to prepare for the changes.

In the area of data management, many have been quick to point out that the General Data Protection Regulation (GDPR) passed by the EU late 2015 already has strong requirements as it pertains to:

  • Accountability of businesses to demonstrate compliance including privacy impact assessments, key in healthcare data, in which the risks to an individual during the use of that data must be detailed 
  • Data erasure aka "the right to be forgotten", meaning removing any historical activities made by individuals captured as part of their digital activities
  • Profiling which relates to the need to obtain permission from individuals before any of their profile data is used to evaluate their behavior. Credit scores are an example of such profiling
  • Data breach notifications that dictate the minimum acceptable time periods upon which individuals or organizations must be notified when profiles containing their data is compromised

If the UK is no longer part of the EU, this may seemingly free UK companies from having to conform. However the GDPR is likely to be enacted in 2018, before the UK would leave in say 2020. And the UK and other companies doing business in the EU would still have to conform.

Additionally the GDPR actually determines data security and privacy policies for members of another group known as the European Economic Area (EEA). The analyst firm further points out

Brexit vote applies to the U.K. leaving the EU, it does not address the question of whether the U.K. will remain within the EEA (for example, Iceland, Norway and Liechtenstein are members of the EEA, but not the EU). Consequently, CIOs with data located in the U.K. will still need to continue with plans to comply with the new regulation until more information is provided on the U.K.’s future position in the EEA.

An Information Week article “Brexit: Will Cloud Vendors Hear London Calling?” speculates how Brexit might impact the investments being made in data centers by giants such as Amazon and Microsoft.

Amazon Web Services and Microsoft are in the process of adding to their cloud facilities in the UK. IBM has already done so. All were trying to establish cloud centers close to what has become the emerging financial center of the EU.

While an article in the Financial times takes another perspective suggesting that

Regional Cloud service providers would not be able to reach the scale needed to compete with global rivals, instead forcing them to rely on local data centers run by Amazon Web Services and Microsoft, which already operate at an order of magnitude, this person said. “What we’re moving towards is a duopoly of AWS and Microsoft.”

As we’ve seen by global reaction, and the gyrations in the stock market, the uncertainty is overwhelming.

Reltio’s CEO Manish Sood in an interview with ComputerWeekly pointed out that

Data privacy and protection laws are becoming increasingly stringent, and are slowly catching up to the wealth of data being captured and used in the digital age.

Organizations who naturally see data as an asset for digital transformation, improved customer experience, and personalized targeting, have multiple hurdles to go through to conform to not just new regulations like GDPR, or even the EU-US privacy shield. The key for any organization wanting to do business globally is to use data management platforms and technologies that are agile enough to comply with all of these laws today, and as they evolve. Only then can they maintain their competitive advantage using data, and prevent their data turning into a compliance liability.

So maybe Brexit is just another wake up call for your company's data management strategy.