Data Protection and Cybersecurity Post-Brexit

Uncertainty over Brexit is high and its full implications are still unknown, especially since no date has been set for the U.K. to exit the EU. But many are concerned about the impact Brexit could have on data privacy and U.K. cybersecurity.

Data Privacy Regulations

In terms of data protection, the U.K. will still be a part of the EU when the general data protection regulation becomes law in May 2018. All EU member states must comply, and the U.K. is no exception. Even before the referendum, the U.K.’s information commissioner’s office issued a statement reiterating the importance of data protection. It’s likely that, post-Brexit, the U.K. will update its own legislation to incorporate the main changes being made in the new regulation. If it fails to do so, its data protection provisions risk being deemed inadequate, which could lead to extra costs and hassle for businesses in the U.K. that work internationally as well as those that do business with the U.K. For instance, these organizations could be required to use arrangements such as the Privacy Shield agreement.

Information Sharing Issues

There are also fears that the U.K. could face cybersecurity information sharing obstacles post-Brexit. A recent survey by AlienVault found that 38 percent of respondents believe that information sharing could be impacted by the decision to leave the EU. Recently, Europol echoed those fears, stating that the U.K. is unlikely to retain full access to security intelligence gathered by the EU. However, Europol is engaging in discussions with U.K. law enforcement agencies regarding what mitigation strategies could be put in place to ensure that they’re not entirely cut off, as information sharing is seen as key in the fight against cybercrime.

Research Funding

U.K. cybersecurity could also be damaged due to the likelihood that the U.K. will be cut off from funding for university research programs post-Brexit, and could also be ineligible to take part in European research programs such as CERN. If the U.K. government isn’t able to address this issue, it could take a toll on its research programs. BCS, the chartered institute for IT, has warned that international cooperation is essential for continued development, as lack of access and cooperation could impact continued innovation in cybersecurity capabilities.

The U.K. Could Be Sidelined

Additionally, some fear that organizations will shift their operations to other countries in Europe, which could see the U.K. sidelined further as the balance of power shifts. This could also impact cybersecurity, as organizations in the U.K. will likely have less to invest in information security. According to Reed Smith LLP, the impact of Brexit on the outsourcing of cybersecurity is already apparent due to the drop in the value of the pound, which has made it more expensive to outsource security to overseas providers.

Potential Cybersecurity Staff Shortages

Another area in which the impact of Brexit is likely to be seen is in potential staff shortages. The lack of qualified and experienced cybersecurity personnel is already a worldwide problem, but if freedom of movement throughout the region is curtailed by Brexit, it will be even harder to find staff. This uncertainty could cause candidates from the EU to see the U.K. as a less attractive option for finding work, and prompt those already working in the U.K. to decide to leave.

At present, no one yet knows how Brexit will come about or even whether it will happen at all. But if it does happen, it could have far-reaching consequences for data protection and cybersecurity. Every organization should be aware of these issues and should at the very least be monitoring the situation closely.

Thi post was origianly posted at https://insights.samsung.com/2016/10/05/data-protection-and-cybersecurity-post-brexit/