Skip to main content

Brexit, GDPR and disparate markets: how does your API strategy stand up in an increasingly disconnected world?

(Image credit: Image source: Shutterstock/JMiks)

We hear constantly about how connected we all are, how our always-on lifestyles are being propelled by technology, in the form of services and devices, to keep us digitally linked whenever and wherever we are.

Yet what really facilitates this is the transfer of data; that is, the ability to share information, irrespective of time or location. Application programming interfaces (APIs) are the key to this, as they help connect a variety of third parties to offer a range of services. It might be travel websites selling seats on an aeroplane, or an accountancy app automatically sorting company card expenses for a small business. All these are only achievable through APIs that connect separate software and services with each other.

So, what happens if we actually aren’t as connected as we thought? What are the implications, for instance, of Brexit (of any sort), on being able to share data now that the EU’s General Data Protection Regulation (GDPR) is in place?

While there remains continued confusion around the exact specifics of the Brexit deal, certain steps have been taken from a UK perspective in order to ensure that the continued flow of data to the continent is unimpeded. If the proposed EU withdrawal agreement is approved, businesses can be assured that data will continue to flow whilst a longer-term solution can be put into place. As Elizabeth Denham, UK Information Commissioner, outlined in a blog post last year, “In a ‘no deal’ situation the UK Government has already made clear its intention to enable data to flow from the UK to EEA countries without any additional measures.” However, that doesn’t cover the data coming the other way.

Prior to the latest deadline extension, there had been an agreement within the previous deal to allow the continued flow of data between the UK and EU to remain in place into 2020, and this could well still be the case judging by the uncertainty of the deal agreed ahead of 31st January.

Data sharing a mystery

Recent trends regarding Brexit and GDPR compliance highlights some very real anxieties that there are business opportunities to be exploited should the UK manage to extricate itself from GDPR. A Brexit deal, therefore, is critical for scores of businesses in the technology, health and insurance sectors which regularly rely on the safe transference of data. The relationship between business, technology and politics now depends on businesses understanding what needs to be done in order to ensure there are no unexpected data consequences as a result of  Brexit. Indeed a recent WIRED article floated the possibility that disrupting the flow of data could prove to be potentially disastrous for UK companies in the event of a no-deal Brexit. It has therefore never been more important for businesses to be aware of the regulatory environment in order to balance out the new opportunities that might arise out of regulatory divergence, with the interests of businesses at heart.

As with many aspects of leaving the EU the sharing of data, particularly the sharing of personal information, remains unclear. Will this derail API integration, or could it be APIs that hold the key to continuity in disrupted markets?

One of the key points of APIs is that, when properly integrated, they offer adopters fluidity and scalability. Look at the work Lufthansa is doing – opening up its APIs in a strategic fashion to, in its own words, “facilitate new ways of travel planning”. This will allow it to partner with selected third parties to offer services directly to customers, such as purchasing flights alongside event tickets. External developers will be able to integrate the sale of airline tickets in their own websites and applications using open programming interface specifically designed for start-ups. In doing so, it could become a business that McKinsey research indicates could effectively cut costs (as going direct is inherently cheaper than using intermediaries), improve efficiency and helping their bottom line when they implement API integration strategies.

There is a choice to be made

Such an approach is not just the preserve of airlines, of course. Ever since the implementation of the EU’s Revised Payments Services Directive (PSD2), banks have been required to integrate APIs in order to allow third parties to access their  data. Those that see this regulation as a necessary evil run the risk of simply becoming a clearinghouse for customer data while digital native entrants tap into their information to offer value-added services direct to the banks’ own audiences. Although none of these new players may be big enough to seriously challenge a major bank at the moment, to overlook the combined threat they pose is to court death by a thousand cuts.

This is why being able to effectively manage APIs is a crucial capability in navigating the disrupted financial services market. Restricted by regulation and compliance requirements, incumbents are struggling to keep up with the fail-fast nature of fintech disruptors. By taking a stance more aligned with Lufthansa’s, banks and other established providers would be able to create their own apps and services that deliver value to customers, rather than see it walk out the door for free. While many incumbents are going down this route, there is still work to be done.

More broadly having a coherent, clear API strategy will give businesses a single, accurate view of data across all applications and systems, no matter how t this data is stored or where. It also facilitates consistent integration across countries, irrespective of local data regulations. This is, from a regulatory perspective, vital, as it would allow the creation of fully compliant connectivity to protect data in transit.

Whether facing Brexit, new regulations or other disruptions, businesses have a clear choice – they can be proactive and put in place an approach which caters for all eventualities, or they can try to react as problems arise. As the nature of how we are connected evolves, having a clear approach to ensuring we continue to share data effectively is critical if businesses wish to thrive - no matter what happens with Brexit.

Ross Garrett, Chief Product Officer, Cloud Elements