It’s no secret that Brexit spits out many issues policy makers will have to tackle if Article 50 is invoked. Of notable concern is data protection and privacy regulation. Brexiters campaigned that the plethora of EU regulations was unnecessary, costly and over-complicated, and there can be no bigger, 'badder' example than the impending General Data Protection Regulation (GDPR), which will most likely come into force in 2018. But if the UK exists the EU then UK and importantly other non-EU enterprises (particularly in the US) will still face the same, if not more challenging, regulation. What’s worse, is the UK Government will have lost all input into the future direction of the GDPR and other EU regulations.
Unless the U.K. harmonizes with the new EU rules, U.S. companies may lose the ability to process European consumer data in the U.K., unless they adopt policies suggested by the EU or approved by an EU data protection authority. This could impact companies that want to use data centers in the U.K.—even as backups if their data centers in other EU countries go down.