The United Kingdom and European Union have agreed on the text of the Brexit withdrawal agreement, but it will only get the go-ahead if the European Parliament and UK Parliament approve it. Once ratified, there is a transition period that runs until the end of 2020, if it’s not extended for another two years (which is possible). During the transition time, businesses will be in the same position as today and retain the benefits that come with a single market and a customs union.
All EU members, plus Norway, Iceland and Liechtenstein, are part of the EEA (European Economic Area). Along with the DPD (Data Protection Directive), or the DPA (Data Protection Act 2018) for the UK, this allows for the relatively uncomplicated transfer of data for countries within the collective group.
Related Reading: Brexit and the GDPR: What You Need to Know
For any non-EEA country that wishes to exchange data with a business inside the EEA, things are somewhat more complicated. These countries, which could include the UK if Brexit is finalized, require what’s called an “adequacy decision.” This decision process is normally quite lengthy, and as such the UK government has stated that it can’t guarantee an adequacy decision will be in place by the time the UK leaves the EU.
The fact that the UK, in its role as an EU member state, has enforced GDPR may well speed up the adequacy decision process. The GDPR already prohibits personal data being transferred or accessed by countries outside of the EEA unless the rights and freedoms of the individuals involved are protected.
Unfortunately, it’s still too early to say.
Though it’s been over 1000 days since the UK’s referendum on Brexit, which took place on June 23rd 2016, we can’t yet tell how things will change. Much of what may change depends on whether the UK just leaves the EU or decides to leave the EEA too. If the UK remains a part of EEA, then the controls around the transfer of data in and out of the UK will likely remain similar to what it is today. If the UK also leaves the EEA, all sorts of complications may come into play.
For now, all we can do is watch and wait.
Whether your business is in the EU, EEA, or falls outside of these areas, with so many current unknowns, data exchange processes could be subject to change.
To best help prepare for these unknowns, GoAnywhere advocates for the use of secure protocols, like SFTP, FTPS, SCP, HTTPS, or AS2 to secure data in transit, as well as encryption technologies like Open PGP, GPG, or Zip with password protection to protect information at rest.
Together, these protocols and technologies will help you comply with strict cybersecurity requirements for personal information no matter where it resides in your business.
Related Reading: GDPR Compliance for File Transfers
For those in retail or ecommerce, GoAnywhere is also Drummond Certified for AS2 file transfers. The Drummond standard spans member states, unions, countries, and contidents, so the sender and the recipient can reside in or out of the EU or EEA. It doesn't matter where you or your trading partners reside; location has no impact on the success or security of GoAnywhere’s AS2 transfers.
GoAnywhere, a secure managed file transfer (MFT) solution from HelpSystems, supports the user-to-user, server-to-server, and application-to-application file transfers exchanged by organizations worldwide. GoAnywhere can automate and transfer data on-premises, within hybrid environments, or in the cloud from a single, central point of administration, allowing you to stay in control.