Britain voted to leave the EU but it can’t escape the GDPR
In 2016 Britain made history by voting to leave the European Union after being a member for over 40 years. With the future of Britain uncertain, many enterprises are asking whether Brexit excludes Britain from the new EU General Data Protection Regulation (GDPR).
Before Britain can leave the EU it must go through ‘Article 50’, which will not be enacted until 2017 at the earliest and will then take a minimum of two years. The GDPR is due to be fully enforceable in May 2018, so Britain will have to abide by the new regulation regardless. Prior to the GDPR, the EU had the Data Protection Directive 1996 (DPD), which needed to be enforced through local law. Because the new law is a regulation, all EU members and those trading with the EU must abide by its rules immediately, without it having to be passed into local law.
With cybercrime on the rise, it has become evident that the laws in place were not appropriately protecting data. The GDPR has been set up not to be a burden on business productivity but to facilitate better free movement of data. It is there to make sure businesses uphold, respect and assure privacy and the proper and appropriate use of personal data. The new regulation also means a unified law across the EU, so businesses no longer have to alter the way they manage their data from country to country, making that data much easier to manage and secure. One of the biggest benefits will come from consumer trust, with certification of trusted security allowing for greater business models.
With a year and a half left until the GDPR becomes enforceable, there is still time to make sure you don’t suffer from the negative impact of the GDPR. If your business violates any obligations related to legal justification for processing, you could see harsh penalties of up to €20 million or 4% of your business’s global gross, whichever is higher. This could be devastating to businesses, so abiding by the regulation is crucial. Simply locking down your data is not good enough. Unlike previously, where you would tick some boxes to say you comply, your business now needs to demonstrate that you secure your data appropriately and that access to this data is effectively designed. You must also provide an audit trail of your data to prove that your business is aware of where all data is at any time, what it is being used for and who is using it. If your business is aiming for the ISO 27001 standard, then meeting the majority of issues raised in the GDPR should be relatively straightforward, with some minor additions such as having a dedicated, in-house, independent data protection officer. To find out more about the regulation, please visit the ICO.
If you are an SME then you have some exemptions, but don’t think you’re let off the hook. You may not get the penalties if you have a data breach, but you may if you do not report it. You are also still expected to enforce effective security measures, and you must be able to provide evidence of how you manage and monitor data. Following the GDPR would be ideal no matter what size your business is: it contributes to good data handling practice, it future-proofs your company for growth so you’re not caught out when you exceed SME status, and it may increase business, as clients will have greater trust in your products and services.
It is about time a universal data protection law was introduced to the EU, and hopefully this will boost business nationally and internationally, making cross-border collaboration and trade much easier and safer. We are now in a digital age, and looking after digital information couldn’t be more crucial. Yes, Brexit is happening now; yes, you will still have to meet the GDPR; and once we have fully left, if you want to continue business across the EU, you will still have to comply – but why wouldn’t you?
If you are looking for new applications to help meet GDPR standards, then check out GeoLang, who have developed Ascema, a comprehensive Information Access Security Broker (IASB) with built-in Data Loss Prevention and an automated classification solution that offers end-to-end protection of your high value content across on-premise, email, cloud or hybrid systems. Ascema also includes a virtual data room solution and powerful audit and compliance capabilities that can monitor and report on your high value data inside your business and across your supply chain.
Why not try Ascema for your Windows File Server today – become a beta tester! It’s free and available for a limited time here.
By Sam Jae | 28/10/16 | Technology