Only 27 per cent of IT security pros are sure that their data is stored in the UK

... even though 92 per cent believe their data should remain in the UK

Just over a quarter (27 per cent) of IT security professionals are absolutely sure that their data is stored in the UK at all times, despite a whopping 92 per cent of them believing data should remain in the UK.

According to a study by UK-based cyber security consultancy CNS Group, 92 per cent of respondents thought it was very or fairly important that data is stored, accessed and backed up in the UK, but only 27 per cent were ‘very certain' that this was indeed the case.

Respondents to the 2015 Data Sovereignty Study said that the main risks of not knowing where their data is stored at all times include foreign government access (37 per cent), lack of data integrity (21 per cent) and not knowing the accreditations or clearance of those accessing and managing their data (22 per cent).

"In order to guarantee compliance with existing and forthcoming data protection legislation - such as the EU General Data Protection Regulation (GDPR) - organisations regardless of size will need to know where exactly in the world their data is stored and managed," said Shannon Simpson, CEO of the CNS Group.

"Following Brexit, UK organisations will still need to comply with the EU GDPR if trading in the EU. If comprehensive questions about data sovereignty are not currently part of an organisation's data governance strategy, they should be," she said.

On the day of the EU Referendum results, the Information Commissioner's Office (ICO) said that the decision meant that the upcoming EU reforms to data protection law would not directly apply to the UK.

It said that while the Data Protection Act remained the law of the land irrespective of the referendum result, the upcoming GDPR in the EU will not directly apply to the UK once it has left the EU.

However, the ICO emphasised that if the UK wanted to trade with the single market on equal terms, it would have to prove "adequacy" - in other words, UK data protection standards would have to be equivalent to the EU's GDPR framework starting in 2018.