No matter what happens with Brexit over the following weeks and months Irish businesses will still need to continue doing business. And of course a lot of us have clients and suppliers in the UK. While how we deal with them might have to change, depending on the outcomes, we can’t simply ignore the impact of Brexit on those relationships.
We’ve spoken briefly about how this is going to impact us as a company and what steps we will be taking. As of now we know that most of our vendors have plans of some kind in place and we will, hopefully, be ready should a “hard Brexit” become the reality.
But what about Irish (and other) businesses that have data in the UK at the moment?
Whether there’s a “deal” of some kind or not the UK post-Brexit will be a “3rd country”.
What does that mean?
In very simple terms it means that it will no longer be part of the EU and therefore any data you send there will no longer be covered by European data protection law (ie. GDPR).
Some countries have been granted what is called “adequacy”, which means that the EU considers their regime capable of meeting the same standards as the EU. It is possible that the UK could be granted similar status, but that can’t happen until after Brexit and it’s far from a “done deal”. (Maria’s article from last year goes into this in some detail)
And if you handle personal data you are obliged to process data in line with GDPR:
With the advent of the GDPR in particular, countries in the EU have very high standards of data protection. EU-based data controllers are not permitted to transfer personal data outside the EU/EEA unless those standards are maintained.
That means that as a business you cannot ignore the implications of your data being held or processed in the UK. You will need to deal with the issue.
Can you continue to transfer data to the UK post-Brexit?
While you can do so you will need to invest time and resources into making sure that you have the correct legal instruments in place. The Irish Data Protection Commission has issued bulletins on the topic which Irish businesses might find helpful. A key takeaway, however, is that it’s not a simple exercise.
What can you do right now?
We’d strongly recommend you check where your data is. You need to know where it is stored and where it is processed.
What data are we talking about?
Personal data.
It’s a very broad concept:
The term ‘personal data’ means any information concerning or relating to an living person who is either identified or identifiable (such a person is referred to as a ‘data subject’).
An individual could be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (such as an IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
What can you do?
Once you’ve identified which data is being processed in the UK then you can choose to either move to the EU or try to put the kind of safeguards in place that you need to protect your business.
Why does this matter?
Under the law you are responsible for the data you collect and process. The Irish Data Protection Commission outlines this in detail here.
What could happen if your business gets it wrong?
You could end up being hit with fines. Bottom line it could cost you financially.
How can Blacknight help?
We offer a comprehensive range of hosting services to cater for businesses of all types. Whether you need email hosting, website hosting, dedicated servers, a VPS or a hybrid private cloud solution we can tailor a solution to your business’ requirements.
