Skip to the content


Could Brexit actually be a good thing for data security?

Data security

It’s fair to say that the UK’s recent decision to leave the European Union has created a great deal of uncertainty in various areas, covering politics, the economy and even the country’s very cultural make-up.

But whether the UK had or had not decided on Brexit, there was always going to be a need to prepare for an increasingly digital economy that is yielding more data than ever before.

The decision to leave the EU has come ahead of the proposed introduction of the General Data Protection Regulation, which will aim to strengthen approaches to data security acorss Europe.


The GDPR will aim to provide Europe with one consistent and coherent set to rules. All companies that fall under the new regime, which covers any organisation offering goods and services targeted at European citizens, will have until May 25th 2018.

One of the standout measures to be introduced as part of the GDPR is the immediate and mandatory appointment of a data protection officer (DPO).

All public authorities will be required to appoint a DPO, along with a number of other organisations, regardless of size.
Estimates suggest that some 28,000 DPOs will be appointed across Europe in order to ensure compliance.

Such preparations are just one of the many measures that will be have to be undertaken by organisations, and it would be easy to believe that pulling out of the EU would throw something of a spanner in the UK’s approach to the new rules.

However, a number of experts seem to be unmoved.

Could Brexit be an opportunity?

In a recent column for Computer Weekly, expert Mike Gillespie argues that Brexit is actually an ideal chance to address the deeper issues relating to how data is consumed, stored and used by UK organisations.

Gillespie argues there are already shortcomings with current measures, citing a recent survey from Infinigate and GFI, which found that 52 per cent of organisations use The Data Protection Act as a compliance driver.

It means that just over half of companies across the UK are using the measures outlined in law as a guideline rather than a requirement.

Given the increasing presence of data in almost every facet of life in the UK, such an approach to security is one that would already be in need of a change.

The process of adopting the measures outlined by the GDPR may well be under threat of disruption from Brexit, but fundamentally, Gillespie argues, there is a need to alter the ways in which organisations handle data anyway.

He writes: “We must see Brexit as an opportunity to clean house, build new methodologies that are practical and pragmatic and offer the reassurance that both consumers and the world is looking to the UK to deliver.”

Going across the Atlantic

However, the way in which the UK deals with data from the EU is only one part of the puzzle, with last month seeing officials announced the proposed introduction of a data-sharing agreement between the EU and US known as the Privacy Shield.

Replacing the outgoing legislation known as Safe Harbour, which was found to have a number of security flaws, Privacy shield will allow companies to transfer personal data from the EU to the United States.

The 28 data protection authorities have already committed to not challenging the deal for at least 12 months, meaning there will be no legal object to proposals until at least next summer, which is when it will be reviewed.

Nevertheless, Isabelle Falque-Pierrotin, who chairs the French data protection authority, told Reuters that the legality of existing data sharing agreements could be affected in the mean time.

"If the situation is considered as OK at the first annual review, on the public security side, it is going to have an impact also on the other transfer tools by reaffirming their legal robustness," she said.

It all means that changes in the way we deal with data is likely to change anyway, and Brexit may well provide an unlikely platform on which to build.