Privacy Laws

Data regulation in the age of Brexit

By Robert Rhame, Director of Market Intelligence, Rubrik

Following years of uncertainty, Brexit is finally upon us.

The UK entered an 11 month period of transition out of the EU after officially leaving on 31st January 2020. Now the powers that be in the UK and the EU must decide what a post-Brexit world looks like for citizens and enterprises in the UK, what rulings and regulations must be put in place, where we will continue to operate business as usual and where big changes are going to unfold.

But what does this mean for data sharing between the two former partners? Is the UK prepared to demonstrate its trustworthiness to the EU regulatory bodies? And – in the interest of preventing illicit activities such as money laundering, illegal immigration and terrorism – will the UK and the EU take appropriate steps to continue to share data, or create dangerous blindspots on their respective front doors?

The future of data sharing

Long before Brexit and GDPR came to be, the Republic of Ireland positioned itself as an attractive destination for foreign multinationals looking to benefit from a rich talent pool and advantageous tax benefits.

AirBNB, Apple and Microsoft have all set up shop in Ireland as a result, and benefit from operating within the common economic zone of the EU. As a new non EU state with high exports and a global capital in  London, the UK has the potential to continue to make themselves an attractive foreign business destination, but less so if data regulations become fragmented. 

So, while we may see problems and discussions around topics such as fishing rights and lorry driver taxes in the wake of Brexit, it’s unlikely – though still uncertain – that data exchange between the UK and the EU is going to radically change.

This is because, at least on a data level, there is a strong desire for cooperation from both sides, as well as other countries. Currently the likes of Mexico, South Korea and Japan are all able to handle EU citizen data, and the UK could easily join their ranks with more to gain. Why? Because aside from just good business sense, it’s vital in monitoring and preventing illegal activities across country borders and helps keep all cooperating countries safe.  

Raising data walls and creating siloes makes a country infinitely more appealing and vulnerable to would-be attackers and criminals. Lack of cooperation from some countries has made it extremely difficult to police ransomware, credit card fraud, and data theft.

The challenge for the UK is to ensure that criminals aren’t aided or abetted. A lack of cooperation between the EU And the UK hands a blank cheque to criminal groups.  

This is all assuming that rational heads will prevail and that data sharing will continue, more or less, as it always has. For this to happen it’s important that the UK doesn’t overestimate its own compliance.

The EU certainly won’t be forgiving if the UK is unable to demonstrate trustworthiness when it comes to data handling for EU natural persons, especially whilst the sting of leaving is still at the forefront of the EU’s mind. But, whilst higher powers negotiate the new data world order, what does this mean for enterprises continuing to operate in Britain?

Keeping up appearances

The number one piece of advice I’d offer any business unsure of how to conduct data regulation in a post-Brexit Britain is to establish complete visibility of all their data, whilst continuing to adhere to the guiding principles of GDPR.

Pre-Brexit, and thanks to GDPR, Britain’s mentality towards data regulation has been moving in the right direction. Away from EU regulators, there is a risk of that mentality beginning to slip. 

The more fragmented data becomes between the Edge, on-premises and the Cloud, the less visible it becomes. From there manual processes cease to work and the chance of exposure drastically increases. It’s important in any case that enterprises can see all their data, no matter where it lives, in the event of staying compliant, avoiding attack damage and – if still dealing with EU natural persons’ data – addressing right to be forgotten requests and more.

Ultimately if the EU and the UK wish to make two separate policies to manage data sharing then so be it, though they will certainly be making the lives of all their resident enterprises much more difficult.

I believe we will continue to see reputable uses of data sharing to combat issues such as terrorism and, while walls are going up on tax and country borders, I’m hopeful that the current regulatory principles and cooperation around data will remain. If it doesn’t, both the UK and the EU will see a blindspot on their front door.

Whilst so much is still up in the air, now is a time for British enterprises to choose EU friendly compliance over long-term business complicating complacence.

About the author

Robert Rhame is Director, Director of Market Intelligence at Rubrik with twenty years industry experience in security, risk and data management, as well as vendor landscape tracking. Originally from the U.S. he has lived in Germany for 19 years, working in various EMEA pre-sales positions and as a Gartner Research Director in backup, storage and recovery.

About Rubrik

Rubrik, the Multi-Cloud Data Control™ Company, enables enterprises to maximize value from data that is increasingly fragmented across data centers and clouds. Rubrik delivers a single, policy-driven platform for data recovery, governance, compliance, and cloud mobility.

For more information, visit and follow @rubrikInc on Twitter.