Brexit and data protection: What does it mean for business?
Once, many smaller businesses didn’t pay much attention to governance and compliance issues. Many thought they were really only of concern to large businesses. In recent years though, governance and compliance have grown in general importance to occupy an increasingly prominent position on the agendas of businesses of all sizes.
All the talking about last summer’s Brexit vote is now translated into action, as the UK government of Theresa May invokes Article 50 of the Treaty on European Union to formerly start the negotiations. Disentangling the UK’s trade, immigration and legislative links is scheduled to take two years.
Many UK citizens found much to dislike about Britain’s membership of the EU. Unfair fishery and agricultural policies, the ability of EU courts to overturn rulings of the UK justice system, and the very sticky subject of immigration.
GDPR and protecting privacy
On the flipside, EU membership brings many positives. Despite misgivings over the seeming conflict of legal systems, one of the most interesting things about EU law is that it is robust in defending the rights of citizens and it is actually very good for protecting privacy and protecting Personal Identifiable Information (PII) data held by companies.
The EU General Data Protection Regulation (GDPR) is scheduled to enter force on 25 May 2017. This strengthens and unifies data protection of PII within the European Union. With the UK leaving the EU, this might mean UK citizens are taken out from the umbrella of protection of PII afforded by GDPR.
Cherry picking the best of the EU
However, perhaps the really nice thing about leaving the EU is the UK can cherry pick the laws which work and shed the ones that don’t work for the country. The UK government has publicly announced it intends to replace the 1988 Data Protection Act (DPA) with legislation that mirrors the European Union GDPR.
It is believed writing EU GDPR into UK law will enable the uninterrupted and unhindered flow of data between EU states and the UK. One of the key areas of concern is law enforcement data, essential for joining up a co-ordinated response to security and criminal threats.
As well as enabling a joined up approach to security, writing EU GDPR into UK law should enable harmonisation and the creation of a data protection environment that is seamless, allowing businesses of all types to operate without privacy issues and unnecessary bureaucracy.
Take control of GDPR and protecting PII with Paralogic
The government is bringing legislation forward in the next parliamentary session to formerly start the process of writing GDPR in to UK law.
However, from the point of view of implementing GDPR, UK firms should act to adopt the appropriate policies and methodologies as soon as possible and should not wait for it to become UK law. There is an overlap of at least 22 months between the introduction of GDPR and the UK leaving, and in this time, UK firms will be bound by EU-wide law.
To find out more about how we can help your firm to take control of meeting its obligations under GDPR, simply get in touch today.
Do you want some free, Strategic IT support?
Get started with a free one hour IT consultation. Discover the latest technology and discuss your current and future IT requirements.Talk to us ›