Lindsay Boullin, VP, General Manager of Swiftpage, discusses some of the implications for UK business data in a post-Brexit climate

When the UK voted out of the European Union on 23rd June 2016, many things changed, including the way we handle personal data.

When Britain is no longer formally part of the EU, it will have ‘third-country’ status with it. That means we will no longer enjoy the automatic benefits of frictionless trade with other EU states, immediately creating obstacles between us, and potential barriers to trade that weren’t there before.

This has obvious repercussions for UK businesses and organisations, two-thirds of which believe Brexit will have an impact upon them, according to a YouGov survey.

But even after two and half years of negotiations with Europe, there’s still great political uncertainty about what’s going to happen when Britain does eventually leave the UK.

This rapidly changing political landscape hasn’t helped UK companies plan for the future. So, despite much encouragement from business leaders and government, at the end of last year the majority of businesses taking part in a Bank of England survey admitted they were still unprepared for Brexit, a worrying picture for the British economy.

Pre-Brexit impact

So, even before it has happened, Brexit has already had a significant economic and commercial impact, with 45% of UK businesses admitting that it’s damaged their confidence. This, in turn, has had a profound knock-on effect when it comes to making investment decisions.
According to the Bank of England, business investment is just 2 per cent higher than it was at the time of the Brexit vote and actually 0.2 per cent lower than it was a year ago. This is very much less than the 13 per cent that had originally been forecast over a two-year period.

The impact of Brexit on data protection

One of the central pillars of the EU, of course, is the free flow between member states not just of people and finance, but also data.

Currently, personal information flows unrestricted between the UK and Europe because we are an EU member state. And, if parliament had approved Teresa May’s proposed EU withdrawal agreement, nothing much would have changed before 2020, giving time for other arrangements to be put in place for the long-term.

However, with the rejection of that deal, there is no clarity about what might happen next. If there is a no deal, the likelihood of which seems to ebb and flow from day-to-day, then we immediately step outside the rules and regulations of the EU, and that can have all kinds of implications for the many companies that process and transfer data across borders.

If that is the case, the impact of Brexit on data protection will be very real.

While this wouldn’t necessarily affect a hotel in the Highlands taking a booking from someone in France, the impact of Brexit on technology companies, or indeed any business using a cloud service that stores or processes data outside the UK, could be significant.

According to the Information Commissioner’s Office (ICO), this might mean, for example, that personal data transferred out of the UK to European Economic Area (EEA) countries might be stopped from flowing in temporarily until additional measures are established to make that data flow compliant with EU laws.

The ‘Brexit impact’ on technology companies

Given that our customers rely on us to protect and manage the data they give us, for us as a technology company, maintaining that free flow of information is absolutely essential. Whatever date we leave the EU, our customers need to know they can reliably and securely access the information we hold to ensure they can continue to do business as smoothly as possible.

To mitigate the impact of any potential fallout from a no deal outcome, some time back Swiftpage began working with EU lawyers to make sure that as a company we were complying with all relevant legislation, so that we could be confident we’d done our very best to avoid the negative impact of Brexit on data protection.

Our preparations began several months ago following the advice from the Information Commissioners Office (ICO), which recommended that to become Brexit ready, businesses with Europe-based operations should look at how and where they process data.

Having carried out a review, we made changes to our cloud hosting services to help ensure we were compliant after Brexit.

New data centre set up

We use Google Cloud’s infrastructure, which now has five data centres in mainland Europe, but when we launched Act! Premium Cloud, there was only one. That was in Belgium and was, therefore, the one we used to support all our UK and EU-based customers.

Because it is a location with a proven track record of reliability and performance, it made sense for us to retain it as the centre for our European infrastructure and to set up an alternative data centre in London for our UK customers. We have of course separate server infrastructures in the US and Australia to support our customers there.

By removing the need for data transmission between the UK and the EU, we have helped to ensure we are prepared for any future changes to either UK or EU regulations.

If we hadn’t made the decision to move our data centres, we may not have been able to meet any new post-Brexit data protection regulations covering the transfer, storage or processing of data.

Not only that, but just as importantly, we will be meeting our own customers’ expectations when it comes to ensuring we have done everything possible to look after and make available their business-critical information.

Our data migration process is well underway and will be complete in time for the Brexit deadline.

Our customers shouldn’t experience any functional difference in the service they receive from us because of this migration. But, as we do now, we will continually monitor performance and quickly address any issues, if they arise.

Data protection after Brexit

However, in future, our customers will need to sign a revised agreement with us to make sure we are complying with new rules.

One of the key pieces of pre-Brexit data privacy legislation affecting us, of course, is GDPR, which is already in place. So, as long as we abide by its stipulations, we will be operating to the same data regulations as businesses in Europe. Obviously, this is of immense help in terms of ensuring we remain compliant with EU law and so can still operate seamlessly within Europe.

If Britain were to rescind, repeal or step out of the GDPR regulations in future, that would have consequences that we would have to deal with. However, at least for now, there seems to be no evidence that will be the case, as the “The UK government has adopted the GDPR into national law as part of the Data Protection Act 2018, so once the UK leaves the EU, the same protections and requirements will apply.”

Obviously, we will have to take the lead from the UK Information Commissioner’s Office and European Data Protection Board, going forward. And, if there are changes to data protection regulations that impact how customers use the platform, we will ensure this is managed and clearly communicated.

However, right now, we can assure all our customers that Swiftpage is Brexit ready.

About the author,  Lindsay Boullin, VP, General Manager of Swiftpage.

Lindsay joined Swiftpage in 2013 with the acquisition from Sage, when the leadership team asked him to jump ship and run the new office in Newcastle-upon-Tyne, UK. Lindsay is responsible for running Swiftpage’s sales and marketing outside of the Americas and Oceania, as well as the teams based at the lovely office in Newcastle-upon-Tyne, UK. Prior to Swiftpage he spent 10 years at Sage Software in the UK, first in the in house legal team and then running a product management team.