The only certainty about Brexit, the UK’s departure from the European Union, is that it is going to create uncertainty in terms of data sovereignty, particularly in the field of cloud computing. Data sovereignty refers to data being held in a country in adherence to the laws of that state. That is fine if your company is based in a single location and single market but it becomes trickier if you have diverse locations and lots of different laws with which you need to comply.
When the UK is part of the European Union it has the same data sovereignty laws as other countries in the EU but when the UK breaks away those laws could change. In time companies operating in Europe may have to manage one set of data laws for the UK and another for EU member countries. By voting to leave the European Union the UK fractured what was becoming a single digital market into potentially two or more jurisdictions for technology issues.
If the UK wants to participate in the free flow of data across European borders after leaving the EU, it will have to adopt the same data-protection standards as the EU’s new General Data Protection Regulation. As the UK’s Information Commissioner’s Office has stated “international consistency around data protection laws and rights is crucial, both to businesses and organisations and to consumers and citizens”. Unless the UK follows the new EU rules foreign companies may lose the ability to process European consumer data in the UK. This has ramifications for companies that want to use data centres in the UK – even just as backups - if their data centres in other EU countries go down.
People are waking up and recognising that the cloud is about data centres built on land under national laws. Cloud and managed service providers may need to offer additional options for customers to host data across Europe and enterprise end users may need to reconsider where their data is stored and ask themselves “if I move my data to your cloud, where will it be stored and what sovereign laws will it be subject to?”. For UK and international companies moving data in and out of Europe this could become a minefield but it doesn’t have to be.
The fact is cloud computing companies are getting used to dealing with issues of data sovereignty. Gavin Jackson, Amazon Web Services (AWS) UK and Ireland managing director said, whilst speaking at the recent AWS Summit in London, that in spite of the referendum result, Amazon was still committed to opening a new data centre in the UK by the end of this year. Whilst in the past restricting types of data that can be stored in specific locations hampered their flexibility to move data from one data centre to another, patented technology now solves that problem.
By opening a data centre in the UK Amazon can guarantee UK data will remain in the UK whilst other data can still be available to the rest of Europe to be shared and processed accordingly. How is this possible? In a shameless plug for my own company, WANdisco has patented “active data replication” technology which led us to be one of Amazon’s partners (along with IBM, Microsoft and Google). The advantage of our WANdisco Fusion technology is that it doesn’t have to replicate all the data which allows data controllers to apply security controls to the data that is replicated. This means that cloud computing companies can quickly control where data is shared and ensure that data sovereignty requirements are met.
The hybrid cloud model can also help with issues of data sovereignty as companies keep sensitive data on site behind the firewall and only move certain data-processing activities to the cloud. Our technology means businesses can migrate data with no downtime thus potentially saving thousands in potentially loss revenue or capital outlay.
Ultimately Brexit doesn’t have to mean the balkanisation of a company’s data strategy but clarity is needed so the right measures can be put in place.