Six months on from Brexit, how has it affected the IT industry?

It's now been five years since the United Kingdom voted in a referendum to leave the European Union, and six months since it actually left.

With the promise of freedom to 'take back control' of the UK's borders, potential new opportunities for Britons and a plan to make the UK a global leader in innovation, there's still a lot up in the air. What has been apparent, however, is that almost all aspects of businesses have been impacted by Brexit in some way or other, from supply chain complications, to staff shortages, to confusion around GDPR and data protection rules.

We've collected the views of a number of technology business leaders to try to understand the Brexit effect on IT and cybersecurity.

Of course Brexit isn't the only thing that's been happening. COVID-19 has been a problem for the entire globe and the UK has faced the simultaneous challenge of both. Some economists argue that the pandemic has masked the impact of Brexit on the UK economy.

"It's still very early days for Brexit, which since February 2020 has been masked by Covid," says Martin Taylor, deputy CEO and co-founder at Content Guru. "Brexit is like a flooded city where you can't assess the real damage until the waters subside. Right now, we are paddling along the surface and it all looks deceptively peaceful.

"We had been actively preparing for Brexit for more than two years before the so-called extension period ended last December. Most of our business activities and supply chains are now localised in our overseas subsidiaries and we are sourcing equipment and skills locally within the EU, and indeed elsewhere."

The twin challenges of Brexit and Covid have disproportionately hurt the UK economy. According to a recent survey, eight out of 10 businesses believe leaving the EU will cause long-term harm to the economy; whilst 80 per cent of respondents feel the Covid-19 pandemic has hit firms harder than Brexit.

As of July 2021, approximately 11.6 million jobs, from 1.3 million different employers were furloughed in the UK as part of the government's job retention scheme. Although the government's fiscal response has generally been praised, to pay for the scheme, among others, it is likely the government will have to resort to levels of borrowing not seen since the World War II. Again, what this means for the UK economy in years to come is unknown.

Data protection

The UK's departure from the EU has also meant new conversations around GDPR and data protection. A UK government taskforce recently branded GDPR 'prescriptive and inflexible', and urged the Prime Minister to replace the rules with a new framework for data protection. The European Commission has sealed a data flow deal with the UK, that will allow personal data to be transferred to and from the EU and UK.

These 'adequacy decisions' are a rare move from the European Commission, and mean it has the power to intervene if it feels Britain has diverged too far from EU data protection standards. For the first time, however, an adequacy decision has an official time limit -- a 'sunset clause' -- meaning it will automatically expire after four years. As long as the UK maintains an adequate level of data protection, its adequacy status can be renewed.

Filipe Lousa, director of privacy and compliance at Globalization Partners explains what this means for UK organisations, "The key question this decision poses for UK firms is, 'are we no longer required to adhere to GDPR?' The answer is yes, and no. The UK's national data protection laws have been deemed as 'essentially adequate' to the terms of the GDPR, despite no longer being subject to these terms. The good news is, UK companies do not have to change how they are currently storing and protecting their data, as GDPR is retained in domestic law in the UK sitting alongside an amended version of the Data Protection Act of 2018."

Lousa continues, "It is a bold statement for the UK to want to adopt a fully independent data policy, and the European Commission's recognition of the UK’s high data protection standards will enable us to focus on the power of data to drive innovation and boost the economy. For companies operating in and with the UK, there will be no additional barriers or hoops to jump through when it comes to data flow, plus the added peace of mind for a continued high level of protection for personal data."

Samantha Humphries, head of security strategy EMEA at Exabeam, thinks that there needs to be more onus on the UK government to provide clarity for businesses:

While it is good news UK companies do not have to immediately alter their data decisions or how they are currently storing and protecting their data, there needs to be clearer guidance from the government on the conversations around policy, and if it is really helping security.

Lessons are not being learnt from the past. There is so much misinformation confusing businesses that it’s no surprise many are still not getting the basics right when it comes to data protection.

Security is an ongoing process and needs to be involved as you innovate, not as an afterthought. We need to work on shifting the mindsets of those who still consider security a 'tick box exercise', and realise there is no one rule that fits all. Business leaders should secure their operations because it’s the right thing to do, not because of woolly regulation. And from the UK government, we need uncomplicated and cohesive guidance that makes sense for organisations, with clear expectations which are not open to interpretation.

Questioning data regulations in their entirety, Jakub Lewandowski, global data governance officer at Commvault, bases his view on conversations with industry professionals. "Personally, over my career, I've spoken with lots of people who question why we need data regulations at all, often claiming that they stifle the development and adoption rates of new technologies. The trend however is clear: more and more countries are reaching the conclusion that some sort of law/regulation is needed. In 2021 nearly 130 countries have adopted some form of data privacy legislation versus around 80 in 2018.

"My expectation is that the ICT industry itself and the use of ICT technologies will become an increasingly regulated space. Foremost though, businesses need to start thinking now -- if they haven't already -- about ensuring their data processes are watertight, ready for any eventuality."

Trade issues

"The biggest business impact we've seen from Brexit so far has been the difficulty in importing anything," says ContentGuru's Taylor, "As leaving the EU has exacerbated the effects of the global chip shortage. For us to import additional data servers at the moment is taking several weeks, rather than a few days, and that's quite significant when you're expanding as fast as we are.

Content Guru is not alone, as car, phone, gaming console companies and more have been impacted. Some reports say the chip shortage may last until 2023.

"The global chip shortage is impacting all industries and has potential to be the modern oil crisis," Taylor adds. "Chips are the fuel of the digital economy and the last six months have demonstrated the need for more resilience in supply. An unhealthy emphasis on the cheapest price has brought this about. The UK used to be a semiconductor powerhouse. Perhaps that's something we should return to in the years ahead, though it would take time, money and political will to get there. It's not enough to just get up and say 'we’re going to be a world leader in this or that'."

Only time will tell on the long-term effects of Brexit, GDPR and COVID. But for now, businesses need to remain diligent about fulfilling their data privacy and cybersecurity obligations, and remember to recognize and appreciate their teams for enduring all of the hardships of the past 18 months.

Photo credit: esfera / Shutterstock