Antony Walker, deputy CEO of industry body techUK explains why this is significant, saying, "The U.K.'s service-based economy means that the transfer of data across borders is fundamental, affecting industries from automotives – which includes the development of driverless cars – to financial services."
As it stands, the U.K. has agreed to implement the EU's General Data Protection Regulation (GDPR), which will come into effect in May 2018. The primary goals of the GDPR are to allow citizens to regain control of their personal data, and cut red tape for international businesses by making rules uniform within the 28-nation bloc. Whilst businesses are currently preparing for GDPR, their work may be undone in the future. Eduardo Ustaran, a partner in global privacy and cybersecurity at Hogan Lovells, says: "EU data protection law is all about the individual's control of their own personal data. The U.K. sits somewhere between this viewpoint and that of the U.S., which is more focused on the accountability of businesses and government. I suspect that the U.K. will continue in this vein, though possibly leaning towards the U.S.' approach."
Silicon Valley's technology giants like Facebook and Google must comply with GDPR and any further changes to U.K. law, though this may be less of an issue considering that these companies are likely to have the legal resources to deal with change more efficiently than their smaller counterparts.
"But, there are several nuances to compliance with the new regulations, one of which is technical," explained Martin Garner of analysis firm CCS Insight.
"Technology companies sometimes employ the technique of 'sharding,' which means that bits of data are spread in little slices over several data centers, possibly across regions, so that it exists both everywhere and nowhere at the same time."
Garner adds: "I'm sure that the big industry players have worked out how to do this, while also complying with EU data laws – but this may be less true for some of the smaller players."