
Complacency over GDPR could put UK companies at risk


Britain’s decision to leave the European Union has led some data professionals to wrongly think they will no longer be affected by the EU’s General Data Protection Regulation (GDPR), which is due to come into force in 2018.

Any business that stores, transmits or processes personal information has a duty of care to ensure this sensitive information is secure and safe. Prior to Brexit, the GDPR was gaining momentum in the UK as a government-driven regulation that businesses must comply with or face substantial penalties in the event of personal information being lost or stolen.

Professionals in the field are now voicing concerns that UK organisations believe the requirements of GDPR will be overridden when Britain leaves the EU – a belief that is entirely unfounded, as the risks of ignoring the new global data regulations will remain.

EU customers

One critical area is in terms of customer retention. UK companies with customers within the EU will need to ensure that they are GDPR compliant if they want to continue trading with those customers.

John Cassidy, VP EMEA at Ground Labs said: “One common misconception is that the GDPR applies to companies within Europe, but it’s actually designed to protect European consumers. This means that if you are handling even one European customer’s personal information, you are tasked to handle his information in line with the GDPR, or face the consequences.”

Furthermore, as uncertainty over the economic implications of Brexit is likely to continue until a trading agreement has been established, ensuring full GDPR compliance could now be more complicated than before the EU vote. There is also a potential grey area over the applicability of GDPR for UK businesses dealing with EU citizens based within the UK.

Cassidy added: “There is some evidence to suggest that for UK organisations, the timetable for compliance has moved forward. By leaving the EU, the demonstration of compliance could be a longer, more involved procedure for those companies affected.”

“At the recent PCI London event in Victoria, a representative from the ICO discussed the fines that will go to the exchequer via the treasury. This will absolutely focus businesses to ensure they are prepared for GDPR – or its British doppelganger.”

The ICO has also made statements to indicate that once the UK leaves the EU, it is likely to introduce new regulations that would be similar in scope to those laid out by GDPR.
