The UK is officially no longer part of the EU. On January 1st, 2021, the transition period came to an end and Britain’s new trading relationship as a third country with the bloc began.
Amongst the multitude of products and services now subject to different rules and regulations is data. As a third country, the UK must have adequate data protection requirements for personal data to be transmitted from the EU. Where data is held in the cloud – be that in the UK or in Europe – British companies have a duty to undertake certain actions to remain compliant and even improve performance.
The new trade deal
The EU has agreed to delay data transfer restrictions until the end of April as part of an arrangement referred to as the ‘bridge’. This may yet be extended to the end of June. The bridge enables personal data to flow freely from the EEA to the UK until both adequacy decisions have been adopted, or the bridge terminates.
In the meantime, for companies that hold any personal data in the cloud (British or European) an audit should be conducted.
Regular data audits are always advisable, but in this case, businesses need to audit exactly where their data is held and – crucially – in which countries. Where possible, businesses should request that their data is repatriated to the UK. This will avoid access issues to data in the event adequacy decisions are not forthcoming and can reduce latency going forward.
Should this not be possible, businesses should draw up plans to migrate their data to a UK cloud or data centre provider should the UK find itself outside the GDPR. Equally, if businesses hold the data of EU residents, they may need to explore migrating that data to European cloud and data centre providers.
The colocation option
Bringing all data back into on-premise servers is an option many businesses may take, but an option that should be taken with caution. On-premise servers are vulnerable to power outages, natural disaster, malicious interference, they require constant maintenance, and they take up precious office space.
Full migration of data to the cloud also carries its own risks. Visibility and control can be reduced, multi-tenancy services are more vulnerable to attack, and the ability to verify the secure deletion of data is often diminished.
The third – and increasingly popular option – is colocation. Here, businesses repatriate their data back onto their own servers. This mitigates against potential data transfer and privacy issues should the UK and EU fail to arrive at a more permanent solution. However, rather than them having to manage and maintain their servers, the business stores them in a dedicated data centre.
Colloquially referred to as ‘lift and shift’, the business quite literally lifts their servers and shifts them to the data centre. This has multiple benefits.
For starters, the business retains total ownership of their servers and all the data within it and can migrate as much or as little of their data to the cloud as they please. Servers are regularly tended to by approved technicians and receive levels of power, connectivity, and back-up provisions that few offices can match. Data centres themselves are also built to be ultra-secure. Many resemble military complexes with CCTV, manned security, biometric entry, and reinforced concrete walls. They also evolve to meet changing compliance standards from a physical perspective.
Volta Data Centres
Volta specialise in colocation services offering you a fast, easy, and flexible transition with quick lead times for last minute projects and simple contracts.
From single racks to larger scale private environments, Volta provide businesses with an easier solution for maintaining and running their critical IT infrastructure. Our Tier 3 central London facility also guarantees 100% uptime.