Today, data is one of organisations’ most valuable assets. For most, it is instrumental in every decision-making process. It drives production and distribution strategies, new product development decisions, and customer service planning and execution. As the world moves toward a future in which artificial intelligence (AI) and machine learning are increasingly prevalent, data is sure to assume an even more central role in virtually every organisation.

While gathering data for a recent report, we asked IT decision makers how they perceive the value of their organisations’ data. Seventy per cent of UK respondents felt that it should be an asset on the balance sheet (just slightly higher than the rest of Europe at 67 per cent). In addition, 65 per cent of UK respondents thought that their companies’ data assets were potentially as valuable as the human ones.

Thus, the value of data to business is clear. But the current global environment poses new challenges for collecting, managing, storing, using, and disposing of data. Today, organisations can move data across national borders for storage and processing with relative ease. As a result, data has become key to international trade. Organisations not only collect their own data from wherever they do business; they also purchase data gathered by other entities across the globe.

In the UK, cross-border data flows are of huge economic importance. A July, 2017 report from the Lords Select Committee on the European Union noted:

  • Cross-border Internet traffic, including inter-organisational data transfers, increased 18-fold between 2005 and 2012
  • Three-quarters of the UK’s cross-border data flows are with EU member countries

Historically, data movement within the European Union (EU) has been relatively easy, because the single market allows organisations to move data as well as goods across borders freely. Beyond this, agreements such as the EU-US Privacy Shield ensure that moving and managing data between participating entities complies with both parties’ data protection requirements. The upcoming General Data Protection Regulation (GDPR) is going to raise the bar for transfers of personal data into and out of the EU. However, scheduled to take effect in May 2018, GDPR mandates more stringent requirements for preserving and protecting the personal data of EU residents than those currently in effect. Moreover, the provisions of GDPR apply to any entity that does business with EU residents, regardless of where the entity is domiciled.

The UK’s withdrawal from the EU raises questions about requirements for the cross-border movement and protection of data, for Britain’s interactions both with the EU and with other nations. Among the many areas in which exit terms are being negotiated, Elizabeth Denham, head of the Information Commissioner’s Office, is working to determine how data movement in and out of post-Brexit Britain can continue uninterrupted. In the above-mentioned report from the Lords Select Committee on the EU, Denham noted that “If there is a way to negotiate either a transition arrangement or something so that there is not a cliff-edge on day one, that is in the best interests of everyone.

The precise laws and regulations under which post-Brexit Britain will share data across borders are not yet known, but it is clear that if the UK is to remain a commercial and technological powerhouse, low-friction cross-border data sharing will be essential.

At the moment, however, many organisations are in a state of “digital uncertainty.” For example, 76 per cent of the interviewees for our report stated that Brexit has significantly reduced their ability to plan for and invest in digital technology. Additional concerns noted by respondents include lack of clarity on timing and Government plans (50 per cent), regulatory compliance (43 per cent), and data sovereignty (38 per cent).

The terms of Brexit are still being negotiated, so the rules under which data will move between Britain and the EU are not yet known. Currently under the EU’s data protection framework, countries that are not part of the EU or EEA are classified as “third countries,” and are subject to more rigorous standards of data protection than member states. It is possible that in order for UK companies to exchange data with EU entities, they would have to comply with EU third-country regulations in the same way as, for example, a US company.

However, it appears increasingly likely that most EU regulations relating to the processing, storage, use, and disposal of data will become effective in the UK as well. Prime Minister Theresa May has confirmed this with respect to GDPR. So it might alternatively be the case that the UK is granted a special dispensation for data exchange with EU member states by virtue of already being compliant with GDPR.

Regardless of the changing political and regulatory environment, the value of data to organisations is only going to continue to increase, driven in large part by the evolution of analytics into artificial intelligence and machine learning. It seems safe to predict that in the not-too-distant future, organisations’ ability to use data gathered from wherever they do business to refine and ultimately control their operations will be vital not only to success, but to survival.

Thus, as technology continues to evolve, organisations’ need for free flow of data is only going to increase. At the same time, individuals’ expectations around the privacy and protection of their personal data are being translated into law, as evidenced by the EU’s GDPR.

Organisations that need data to operate should be exploring ways in which they can collect, process, store, transfer, and ultimately dispose of huge amounts of data in ways that both expedite its use and comply with the requirements of the jurisdictions in which they operate. Vendors of information technology products and services should be cooperating to design “end-to-end” security into their ever-evolving offerings. For both producers and consumers of information technology, it will never be less expensive to comply than now.

For some data-consuming organisations, the initial cost of GDPR compliance may seem substantial. But ultimately, GDPR and similar regulations that will inevitably appear in other parts of the world represent good stewardship over personal data that individuals have entrusted to controlling and processing organisations. Many organisations in the EU and elsewhere are already proactively planning to be GDPR-compliant before May 2018 when the regulation goes into effect. Analyst group IDC found that despite overall downward pressure on IT spending, 34 per cent of European organisations plan to increase expenditures for secure on-premise data storage and other tools to help them become GDPR compliant.

♣♣♣

Notes:

  • The post gives the views of its authors, not the position of LSE Business Review or the London School of Economics.
  • Featured image credit: Analytics, by xresch, under a CC0 licence
  • When you leave a comment, you’re agreeing to our Comment Policy.

James Petter is the VP EMEA at Pure Storage, the technology storage company that has revolutionised the market with its flash technology. He brings a customer-centric approach to Pure Storage, implementing and executing strategies that drive better support and engagement across the company’s EMEA customer base. A former military man, James has leveraged the skills he learned in the army to forge a highly successful career as a customer advocate and sales leader in the technology industry. Having previously worked for giants such as EMC and Cisco, James has been responsible for leading sales businesses that have generated over $1 billion sales annually.