skip to main content
Close Icon

In order to deliver a personalized, responsive service and to improve the site, we remember and store information about how you use it. This is done using simple text files called cookies which sit on your computer. By continuing to use this site and access its features, you are consenting to our use of cookies. To find out more about the way Informa uses cookies please go to our Cookie Policy page.

Global Search Configuration

Ovum view

Summary

Late in March, the Irish hosting industry moved to raise awareness of the opportunity that could result there from the combination of the EU General Data Protection Regulation (GDPR), which comes into force in 2018, and the uncertain position of UK-based hosting providers, post-Brexit, the following year.

Uncertainty faces hosting providers in the UK

All organizations processing or holding private data on EU citizens will be subject to more demanding legislative provisions after the GDPR comes into force, in May 2018. The effects will be more keenly felt within IT supply chains than ever before, with hosting being an example where the practice of sub-contracting elements of IT service will have to be underpinned by multifaceted GDPR compliance to meet many customers' needs. The legislation has specific, and quite complex, stipulations on the transfer of data beyond EU borders, which will apply directly to UK hosting locations after Brexit (likely to be in March 2019).

Arrangements governing data transfers under the pre-GDPR legislation were disrupted in 2015 when the European Court of Justice ruled that the Safe Harbor agreement (which had until then allowed US businesses to transfer EU-related personal data with minimal regulatory burden) could be overridden by national data protection authorities (DPAs) in EU countries. The Privacy Shield deal, which was quickly struck to take the place of the defunct Safe Harbor, is seen as more burdensome and is subject to annual reviews – therefore, it could be seen as a potentially interim arrangement, at a time when the legislative context is changing rapidly and substantially.

As far as can be predicted, locations in the UK will need to coverage via similar legal provisions to Privacy Shield, in order to continue processing EU citizens' personal data without being out of compliance with the GDPR, post-Brexit. The time and resources needed to finalize such an agreement might be in short supply, and will be in contention with similar circumstances in many other industries, at a time of broader uncertainty and colossal change in the UK's legal system. Unfortunately, for organizations affected, this all coincides with troubled times around the UK government's Investigatory Powers legislation, which could bring the UK to be seen as an unsafe destination for personal data coming from the EU, and which may cause difficulties for attempts to negotiate an equivalent to Privacy Shield for UK-based operations.

Host in Ireland, the industry body behind the March campaign launch, has stated it will initially foster greater understanding of the demands of the GDPR but, once its approach to the GDPR is addressed (from the position of the country's continuing EU membership), the industry there can depict a predictable and stable future for hosting in the Republic. This position is only a short distance geographically, but perhaps an ocean apart in terms of market outlook, from the uncertainty facing hosting providers in the UK.

Appendix

Further reading

The EU's General Data Protection Regulation,TE0007-001037 (August 2016)

EU's General Data Protection Regulation (GDPR) to have Greater Impacts on Enterprises,IT0018-001525 (April 2017)

Data Privacy Legislation Impact on Enterprises,IT0018-001493 (April 2016)

The Outlook for Enterprise Cloud Services in 2017,TE0005-000893 (February 2017)

"Regulatory changes are among the many Brexit-related headaches to come," IT0018-001499 (June 2016)

Author

Alan Rodger, Senior Analyst, Infrastructure Solutions

alan.rodger@ovum.com

Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700


Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

+44 (0) 207 551 9047 - Operational from 09.00 - 17.00 UK time

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 7770704398 or email us at pr@ovum.com

Contact marketing - marketingdepartment@ovum.com

Already an Ovum client? Login to the Knowledge Center now