UK enterprises are increasingly concerned over whether they will be able to transfer data when the UK leaves the European Union – according to research by 4sl. In the survey of 200 UK IT decision makers in October 2019, 60% of large enterprises were concerned about their ability to transfer data from the EU to the UK post-Brexit – while 61% were worried about their ability to back up data held in the EU. A large part of this is likely down to uncertainty: 55% of enterprises did not know how Brexit will affect their backup and disaster recovery processes.
“While progress seems to be made, we still can’t say with certainty that the UK will be granted data adequacy by the EU once the entire Brexit process is over,” said Barnaby Mote, Founder and CEO of 4sl. “There is still the risk of no deal, not only this month, but all the way until any transition is 100% complete – meaning cross-border data transfers and processing could still be in danger. To avoid this risk, organisations need to be certain either that they have Standard Contractual Clauses and other provisions in place to cover personal data transfers from the EEA to the UK; or ensure that no data is transferred at all. Without due care, they are leaving themselves open to the risk of regulatory non-compliance or failures of critical functions such as backup.”
Despite the research taking place weeks before the expected October 31 deadline, 35% of respondents did not have preparations in place to alter their backup and disaster recovery processes in response to Brexit. A further 43% had made preparations but had not yet put them into effect – suggesting that the uncertainty around Brexit is preventing enterprises from taking concrete action. It is also possible that many businesses still believe that there will be no need for Brexit preparations, either because of an eventual deal that means changes to IT processes aren’t needed or through Brexit being reversed. 59% of enterprises worry that any time and money they have put into preparing for Brexit will be wasted.
“Ultimately, it’s the ongoing lack of information and preparedness that has created the real risks for firms,” continued Mote. “While a deal might currently seem possible, from November a large proportion of enterprises could be at risk of falling foul of regulations because of inaction. It is still not too late to begin preparing; organisations need to make sure they understand data flows, where processing is performed, where data is stored, and what legal, technical and operational provisions they need in place to continue transferring data.”