Call it a data Dunkirk: with politicians bumbling incoherently and currently deal-less towards Friday March 29, the date on which – without an Article 50 extension – the UK leaves Europe, a growing number of companies are ramping up their ability to offer customers enhanced UK data centre capacity.
California-based cloud content and file sharing specialist Box is the latest to join the uneasy parade, today announcing the launch of a new zone to help customers keep all content securely stored in the UK, via primary and secondary datacentres in the UK, based respectively in London and Cardiff.
UK Data Residency “At the Behest of Box’s Customers”
The announcement comes “at the behest of Box’s customers at a time of uncertainty surrounding Brexit” and “enables multinational organisations to gain more control over their data residency needs”, the company said.
See also: Brexit Vote: Business Frustration Grows amid Skills, Data Fears
John Sullivan, Chief Information Officer at Virgin Trains, one of Box’s largest UK customers, added in a release: “The UK Zone will give us more choice and control over our content. It is great to see Box’s continued commitment to helping UK customers like Virgin Trains proactively prepare our data residency strategy.”
Without Adequacy Decision, EU – UK Data Transfers Get Messy
The move comes amid warnings that a no deal Brexit could cause major issues with data transfer between the UK and Europe. (The ECJ, which can strike down any data adequacy decision approved by the Commission, has already ruled twice that the UK’s handling of personal data is not in line with EU law…)
As the Institute for Government notes, without an adequacy decision, or any alternative, transfers of EEA data to the UK after Brexit [and vice versa] would only be permitted subject to additional safeguards.
Content from our partners
“This would place the onus on individual businesses. Standard Contractual Clauses (SCCs) are the most commonly used safeguard, but they would prove a costly burden for UK and international businesses alike, with written agreement required between the company sending data and the company receiving it in every case. SCCs are also currently subject to legal challenge before the ECJ.”
“Another option for multinational companies who want to transfer EEA data to the UK would be to apply a strict set of rules, referred to as binding corporate rules (BCR), throughout their business. This would allow them to transfer data between countries, provided it stays within the same corporate group. But this, too, would be complicated. BCRs need to be authorised by the various data protection authorities of EU and EEA member states – a process that could take a year even for ‘a straightforward application’, according to the Information Commissioner’s Office.”
UKCloud Also Expanding Capacity
Box’s announcement comes the same week that UKCloud — the public sector multi-cloud experts – also said it is expanding it sovereign cloud platform to ensure customer capacity post-Brexit. The company said its increased investment in capacity is “driven by an increasing number of UK public sector organisations contacting them about potential capacity — to support new systems required post-Brexit and as a contingency due to concerns about the continued use of non-UK hosting option.”
