There will be plenty of change in the wake of the British withdrawal from the European Union (EU) following the referendum this June. There is no question that countries and organizations around the world will be dealing with the fallout from Brexit for years to come. For organizations in the US, the real question is what will be the specific impact in the near future?
With the growth of mobile devices, the Cloud and general Internet use, many US-based organizations are “global” from day one. International shifts such as Brexit could have a huge impact on organizations, for everything from marketing and customer base to currency issues and trade deals. Rounding up input from a variety of “Brexperts,” here’s what the future could look like, in terms of data security:
- The 5-year outlook could include the breakup of the UK, and potentially the EU all together, which would create a much more fragmented international architecture, with impact on business relations, standards and security relations, notes Ian Bremmer, president of Eurasia Group
- Information flow will continue, so it's likely that the UK Data Protection Act will be the standard for data protection, notes W. Scott Blackmer for InfoLawSecurity
- EU initiatives such as the EU GDPR may lose momentum and focus, particularly if other countries choose to exit from the EU. Organizations operating within Europe may no longer be able to negotiate the EU GDPR, if it continues, through the Information Commissioners Office (ICO) in the UK. If the EU GDPR is delayed or fails to move forward, we could see more fragmented country-specific requirements pop up, which would place greater compliance challenges on organizations operating internationally
- If the EU GDPR does not get delayed, organizations that fail to prepare for it could face steep penalties for non-compliance, notes Stewart Room of PwC
Absolute's data regulation advisor and lawyer at Cordery, Jonathan Armstrong, also recently participated in a podcast on the outcome of Brexit talking about data privacy and data transfer issues for compliance professionals, which is well worth a listen.