By now I’m sure you’ve had more than your fill of Brexit analysis, memes, and even a tie-in to the England National team’s exit from Euro 2016 tournament.
It's been well documented that the vote doesn't mean that the UK is leaving the EU tomorrow. Some speculate it could take until 2020 before any action is taken. But companies across the globe do need to plan for that eventuality, and one key area is ensuring that they remain agile with their data management, and privacy protection strategies.
A major analyst firm wasted no time in issuing a research note titled “CIOs Must Act to Prepare for Changes Triggered by Brexit”. The note covered a wide variety of areas from cost optimization, people and talent through to governance and operating model changes.
In the area of data management, many have been quick to point out that the General Data Protection Regulation (GDPR) passed by the EU late 2015 already has strong requirements as it pertains to:
- Accountability of businesses to demonstrate compliance including privacy impact assessments, key in healthcare data, in which the risks to an individual during the use of that data must be detailed
- Data erasure aka "the right to be forgotten", meaning removing any historical activities made by individuals captured as part of their digital activities
- Profiling which relates to the need to obtain permission from individuals before any of their profile data is used to evaluate their behavior. Credit scores are an example of such profiling
- Data breach notifications that dictate the minimum acceptable time periods upon which individuals or organizations must be notified when profiles containing their data is compromised
If the UK is no longer part of the EU, this may seemingly free UK companies from having to conform. However the GDPR is likely to be enacted in 2018, before the UK would leave in say 2020. And the UK and other companies doing business in the EU would still have to conform.
Additionally the GDPR actually determines data security and privacy policies for members of another group known as the European Economic Area (EEA). The analyst firm further points out
An Information Week article “Brexit: Will Cloud Vendors Hear London Calling?” speculates how Brexit might impact the investments being made in data centers by giants such as Amazon and Microsoft.
Amazon Web Services and Microsoft are in the process of adding to their cloud facilities in the UK. IBM has already done so. All were trying to establish cloud centers close to what has become the emerging financial center of the EU.
While an article in the Financial times takes another perspective suggesting that
As we’ve seen by global reaction, and the gyrations in the stock market, the uncertainty is overwhelming.
Reltio’s CEO Manish Sood in an interview with ComputerWeekly pointed out that
Organizations who naturally see data as an asset for digital transformation, improved customer experience, and personalized targeting, have multiple hurdles to go through to conform to not just new regulations like GDPR, or even the EU-US privacy shield. The key for any organization wanting to do business globally is to use data management platforms and technologies that are agile enough to comply with all of these laws today, and as they evolve. Only then can they maintain their competitive advantage using data, and prevent their data turning into a compliance liability.
So maybe Brexit is just another wake up call for your company's data management strategy.