Is your data at risk after Brexit? 5 ways to protect it now

With an unknown Brexit on the horizon, many organisations are concerned about international data protection and security. And they’re right to be. The UK economy is heavily reliant on the free flow of data. Data is responsible for £240bn of UK economic activity, and three quarters of our data transfers are with EU countries.

If data flow restrictions are put in place after Brexit, UK businesses will be at a competitive disadvantage, and the security of our data could be compromised.


Brexit data security risks

So what are the risks and how can you minimise them?

(1) Data access

data centre

The EU has high data protection standards. All EU countries have signed up to these standards, including the recently implemented General Data Protection Regulation (GDPR). This means that personal data can be transferred freely throughout European Economic Area (EEA) member states with a guarantee that it will be secure and protected.

If the UK leaves the EU without a deal, it will be classed as a “third country” by the EU and will no longer be able to access and utilise this data. The UK has proposed a new data protection agreement and is currently negotiating on the basis that there will be a 21-month implementation period, during which existing legislation will continue, giving organisations more time to meet compliance rules for any new regulations.


(2) Data adequacy

The EU has said that UK will need to apply to be put on the list of safe countries for data access, by showing that it meets the EU requirements for data adequacy. Until then, it may be illegal to hold any data in the UK that refers to EU citizens until access is granted.

Data adequacy assessments for other countries have taken between 18 months and five years, so it is possible but not probable that the proposed 21-month implementation period will allow enough time for this.


(3) Data protection and security

Not only does the data adequacy decision pose uncertainty for the future of data outside of the UK, legal snags (like the US Patriot Act) are already causing headaches for UK businesses protecting their data internationally.

When entrusting your data to an American company, you’re also unknowingly laying down the red carpet for the US Government; inviting them to take a look around, copy and in some cases, even delete your information.

You can read more about the US Patriot Act in our blog post ‘Finding the right disaster recovery provider’.

The EU has declared that US and Canada only provide partial data adequacy. As the UK shares data with the US, this may prevent the UK from meeting the EU’s data adequacy requirements.


How to protect data from Brexit risks

Time is running out to protect your organisation’s data from the impacts of Brexit before the March 2019 deadline. But there’s no need to panic, there are steps IT managers can take now to mitigate the risks.


(1) Standard Contractual Clauses (SCCs)

In the absence of a post-Brexit data adequacy decision or an alternative agreement, data transfers to the UK from the EEC would require extra safeguards to ensure compliance. The onus would be on individual organisations to arrange these safeguards.

One option for individual businesses is to create and apply SCCs between themselves and all the other organisations they share data with. SCCs provide a written agreement between the data sender and data receiver, which guarantees that European Commission privacy standards will be upheld by both parties.

This option is likely to be costly and cumbersome, especially for small businesses. Smaller organisations may not want to sign up to SCCs provided by their partners if the extra administrative burden is prohibitive. The ECJ can also mount a legal challenge to SCCs, and is currently doing so for this one between Facebook Ireland and Schrems.


(2) Binding Corporate Rules (BCR)

Multinational companies that move EEA data through the UK also have the option to implement BCRs. These are a strict set of rules governing how data can be moved around different countries, but only within the same corporate group.

BCRs can be complicated, and even once all the work has been done to put them together, submitted applications can take a year or more to be authorised by the numerous data protection authorities in each of the EEA and EU member states. Again, the administrative costs can be high.


cloud computing and big data storage

(3) Migrate to a UK-based hosting and disaster recovery solution

Not all cloud based hosting and disaster recovery systems offer the same level of security, and Brexit could impact a significant number of solutions and providers. Backing data up offsite provides an additional level of reassurance. But there’s no point protecting your data offsite if you’re opening it up to additional vulnerabilities in doing so. Migrating to a UK-based system mitigates the impact of UK data adequacy non-compliance, for organisations that wish to use data in the UK.


(4) Choose an industry-leading cloud based system

Veeam software is on course to become the world’s leading disaster recovery solution, especially with the recent addition of Veeam Cloud Connect, its offsite backup and replication facilitator. Businesses all over the world are utilising Veeam to protect their data offsite. As the industry standard, it’s the system we recommend as we believe it offers the best protection.


(5) Work with an experienced strategic partner

Brexit is shining a light on data privacy and data residency. But of course these should be key considerations in any IT infrastructure design project.

Creating a robust IT infrastructure system that facilitates the free flow of data around the world without any disruption or delays is a complex undertaking. Add the increasingly complex data laws of numerous different countries into the mix, and the task becomes too onerous for most in-house IT teams to manage.

Now more than ever, it’s vital to evaluate both the physical and legislative significances of working with providers of offsite data solutions. Good providers should have a strong background in infrastructure and consultancy – someone who can work closely with your organisation to plan your cloud based data infrastructure around your business needs rather than simply deliver an off the shelf solution that may not be future proofed against changing legislative requirements such as Brexit.

virtualDCS has been involved with and worked on pioneering cloud technology since its inception. We have sat on BETA panels and testing systems so that we can deliver solid, leading edge solutions to our customers. We are proud to have been awarded accolades such as UK’s Most Cutting Edge Cloud Hosting Services Provider (TMT News), Best Cloud Hosting Services (AI Magazine) and Best International Cloud Computing Solutions Provider (CV Magazine).


What next for UK data adequacy?

Until the data adequacy decision is made, there is much debate around whether data flows can continue interrupted between UK and EU countries. The decision needs to be made before the 29th March 2019 and will confirm that the UK has taken enough steps to ensure a security level that is equivalent to the EU’s.

If the UK doesn’t get the “ok” from the European Union Committee, then official safeguards will have to be debated and put in place. If data adequacy isn’t granted before the deadline, any information stored outside of the UK would have to rely on alternative legal methods, which would cause both delays and costs for organisations trying to continue business as usual. Obviously, this includes organisations utilising Veeam offsite backup internationally.


Provider security and Veeam offsite backup

Unfortunately, as it stands there isn’t much anyone can do to speed along the decision making process. The fate of the UK and its data adequacy is set on the shoulders of our government, yet UK businesses aren’t entirely powerless.

By selecting a Veeam Cloud Connect partner based in the UK and transferring information to UK based data centres, when the deadline hits you can mitigate the implications, should data adequacy not be granted.

For more information or to speak to a team about Veeam Cloud Connect, call 03453 888 327 or email

Google Beacon – persistent project or privacy predicament?

Just another day at the office when an unexpected parcel from Google drops on the door step… the random gift of a Google Beacon!

The organisation is pushing the initiative once more by sending businesses free Beacons to encourage implementation. Unfortunately, in today’s security conscious environment these deliveries are sparking more privacy questions than implementations.

What is Project Beacon?

Project Beacon provides proximity experiences for customers using Bluetooth low energy (BLE) technology to send signals to local smart devices. The device continuously broadcasts an identifier which connects to a user’s device. Once your device has interacted with the Beacon it can then transmit its programmed action to the device.

Google Beacon

What are they and why is Google promoting Beacons?

Google is promoting the advantage of improved offline attribution with Google ads. Since the Beacons can be used to pinpoint a physical location, you can track conversion from online advertising to in store visits.

For example, if someone searches for a winter coat locally and visits a Google advertisement for your store but then clicks off before purchasing it wouldn’t have been classed as a conversion. However, with Google Beacon, the device can be tracked into the store as a physical visit.

For the customer, Beacons enable promotions to be broadcasted to receptive devices in the Beacon range to encourage in-store visits. You can read more about the features and benefits of Google Beacon here.

What does this technology mean for privacy?

The concerns around Beacon privacy and security is not just relevant to Google, but other distributors as well, including Apple. Although many may consider these threats minimal, they are still concerns according to


As default, most Beacons do not encrypt the data that’s transferred to them from connected devices. explains a hacker could change the connected Beacon password and change it so that they have full control of the device, putting the entire IoT infrastructure at risk.

Physical tampering

Unsurprisingly, as a Beacon is a physical box, it is also subject to physical attacks. Although this is extreme and unlikely, someone could physically remove the device, take it apart to access its information.

Cloning and Piggybacking

One of the largest threats is from cloning, where an attacker listens to the device and captures Beacon data, copying the information to an external application without consent. After capturing the data, the hacker may clone it, copying the configuration and contents to another Beacon in order to mislead customers. Using a duplicate Beacon opens up an array of possibilities for the hacker, including triggering in-app payments.

As the latest drive continues and technology gets smarter, so do the hackers and the future of project Beacon is still undecided.

virtualDCS Launches Integrated Apple Failover Protection for Veeam

Leeds-based cloud computing specialists, virtualDCS, has launched Veeam Apple Backup – enabling virtualised Apple Macs to be fully integrated into Veeam Cloud Connect, the world-leading backup and disaster recovery platform, for the first time.

Designed for businesses that use virtualised Apple Macs for graphics-heavy video editing and design work – it enables customers to protect and restore mission critical data at will, without interrupting processing, all from a single, easy to use central portal.

The system seamlessly replicates virtual machines to secure, off-site data centres, providing full and partial failover recovery from the same central platform as existing Veeam backups. It removes the need for separate, dedicated systems and inelegant workarounds for the protection of Apple Mac virtual machines, allowing them to be fully integrated with other data and virtual environments for the first time.   

Veeam Apple Backup

Matt Sharpe and Richard May. Photo credit: Luke Broadhurst

Matt Sharpe, virtualDCS engineer and Veeam Certified Architect, explains:

“Up until now, Apple Mac virtual machine users have had to use Apple’s own cloud backups or a separate system for disaster recovery. For businesses running multiple operating systems and environments, this means additional cost, time and management. Our system does away with all of that – providing complete control over all data, effective protection and flexible backup using Veeam Cloud Connect.”

Veeam is the leader in Intelligent Data Management, providing cloud backup, replication and disaster recover solutions to businesses of all sizes, across the world. virtualDCS is a Gold Veeam partner, with a successful track record in bringing Veeam solutions to business clients across the UK.

Richard May, Managing Director at virtualDCS, explains:

“At virtualDCS, we’re committed to adapting and evolving Veeam solutions to deliver real-world benefits to our clients. We were the first UK provider to offer Veeam Cloud Connect, and will continue to pioneer new services to improve integration, enhance business protection and help customers to generate real commercial benefits through the cloud.”

Greg Bailey, Veeam’s Director Channel & Cloud UKI, said:

“Veeams VCSP community is increasingly offering target verticals with high availability data services using Veeam products. This new Apple replication and failover service from virtualDCS is an example of a new service that many end users are requesting”.   

Based in Leeds, UK, virtualDCS provides innovative, quality cloud computing solutions to businesses worldwide. The company works in partnership with clients across a range of industries to deliver cloud solutions that reshape the way companies work for the better. All services are delivered from its own hosted cloud platforms, in line with the latest ISO 27001 information security standards.

Additional information about Veeam Apple Backup from virtualDCS can be found at, by calling virtualDCS on 03453 888 327, or by emailing

1 2 3 4 5 147