If you’re like us, you’ve spent the last several hours digesting the UK’s Brexit Leave vote. While we recognize this is an economic and political story before a tech story, here’s our take on what the vote means.
A UK exit from the EU impacts not just physical borders, but digital borders as well. Data sovereignty, the concept that data is subject to the laws of the country in which it is located, will likely require companies to change systems and processes for managing customer data.
Why? The UK is part of the EU data regime. The vote to leave the EU could create a new UK data regime where companies need to manage CRM system data crossing the new digital border between the UK and the rest of the world. Storing EU customer data in the UK will no longer satisfy EU data laws. Likewise, UK customer data stored in EU countries will have had to comply with separate UK data laws. Changing processes and systems to comply with the new legal landscape around customer data takes both time and money.
How can business protect themselves against the likely forthcoming changes in tech policy? For one, it’s vital to have flexibility in cloud options and can adapt solutions to suit the particular needs of their customers and comply with data sovereignty laws. Modern SaaS companies leverage multiple infrastructure service providers in different countries so that customer data can reside wherever legal requirements force a business to store that data. In contrast, legacy SaaS providers operate a single, vendor-specific cloud putting all of their customers’ data at risk under the umbrella of that vendor. In this next generation of SaaS, technology companies operate both their own cloud and also enable other service providers to deliver that SaaS service on their clouds, either private or public. For example, with SugarCRM, businesses have a CRM system that is ready for a world with multiple clouds and many data sovereignty regimes.
Looking further ahead, the issue of data residency is not exclusive to the EU, but is part of a global trend with similar discussions currently taking place in countries like Russia and Canada. I see this trend continuing with more and more countries moving towards security and privacy laws that require their data to be kept within national boundaries.
The recent battles between the EU and US over the “safe-harbour” legislation are an example of what a thorny issue cloud-based data storage continues to be. The problem is that there’s a fundamental contradiction between the cloud and national borders; information has no respect for lines on a map and tech companies thrive when their solutions are systems that have maximum flexibility. The more legislation that occurs, and I think that this is inevitable post Brexit, the bigger the headache for SaaS companies as they are forced to navigate different legalities in different markets.
I am certain that this debate, this tension between data storage and national security interests, will continue for many more years to come.