British businesses need to be prepared for post-Brexit changes to our data protection laws

This is a guest blogpost by Ben Tomlinson, Personally Identifiable Information Security Officer and Marketing Manager at Atlas Cloud.

Data is arguably now the most valuable resource on earth; the fact that Google made $160 billion of sales in 2019 demonstrates how prized it is.

Aside from being the most valuable, it is also likely the only resource that is growing exponentially. By this year, it was estimated that 40 zettabytes of data would exist in the digital ecosystem – that’s 40 trillion gigabytes.

There’s no doubt that 2020 is a historic year. Businesses have not only faced the challenges of a global pandemic, leading to the sharpest recession for 100 years, but now also face the Brexit transition period ending in December.

As the deadline for officially leaving the EU edges closer, British businesses need to be prepared for changes to our data protection laws.

The UK’s new National Data Strategy, launched last month by the Government, lists “creating a pro-growth and trusted data regime” and “championing the international flow of data” amongst its five key priorities.

However, at the same time, the Government warned that: “UK businesses that receive personal data, such as names, addresses or payroll details, from organisations in the EU are being encouraged to prepare for new rules around data protection.”

This is potentially a daunting prospect for British businesses, with Britain’s FTSE 350 businesses alone spending an estimated $1.1 billion on compliance with the EU’s General Data Protection Regulation (GDPR) laws introduced two years ago.

What we do know for sure is that when Britain leaves the EU and is regarded as a “third country”, UK organisations which operate, or have customers in the EU, will have to take additional steps to make sure that data can still flow lawfully.

Those offering goods or services to people in the European Economic Area, or monitoring the behaviour of individuals there, will need to appoint a data representative in the EU to take responsibility for data activity there.

Businesses with cloud IT services that are stored or processed outside of the UK may have to deal with newly-restricted data flows.

A new version of GDPR – called UK GDPR – will become part of UK law, but the full details are yet to be revealed.

As such, it is currently unclear what data protection law in the UK will look like in two months’ time on 1st January 2021.

According to The Information Commissioner’s Office and the Government, conversations are currently taking place to decide this – but for now, there’s nothing definitive.

What we do know at this time is that Britain is keeping its options open to alter laws to make it easier to sign future trade deals.

This is why British MPs voted against attempts to impose requirements that imported food needs to meet domestic legal standards after Brexit. As a proudly British company we would caution against our Government making significant changes to our data protection laws.

UK exports of data-enabled services to the EU were estimated to be worth around £80bn in 2017. Those British exports will be at risk if drastic changes are made to data protection laws that make it harder for data to flow between the UK and EU.

Already, £1.2 trillion worth of assets have been transferred from the UK’s financial sector to the EU due to rule changes and uncertainty brought about by Brexit.

It is crucial that the Government avoids a similar exodus in data-driven businesses.

The need for office workers to stay home to prevent the spread of COVID-19 has increased the risks of data breaches for businesses. Research into homeworking during the pandemic shows that 63% of workers say that their employers have invested in upgrading or providing additional workplace technology to enable home working.

The last thing that businesses and employees need at this time is the prospect of coming to terms with new data protection laws while IT teams focus resources on supporting business during digital transformation and the switch to remote working.

Digital technology and data have been one of the largest drivers of economic growth during the Covid-19 pandemic.

The National Data Strategy was created to drive growth in the British economy and to champion the international flow of data.

If Britain’s data protection laws alter too much, we risk undermining the ability of British businesses to trade one of the world’s most valuable assets and choking off economic growth by burdening British businesses with too many rules changes.

We must be cautious.