GDPR and the spectre of Brexit
What happens to data protection rules if/when we leave the EU? There are two areas that need to be addressed: (1) the here and now, and (2) the one that depends on the outcome of a withdrawal.
Well, in short, we don’t know. But what is sure is that the Data Protection Act 2018 is UK law and is in place, although there are still questions that need clarification around the transfer of data from the UK to countries within the EU if we leave the union. This is why it is essential that you consider having professional representation if you are dealing with territories outside the UK.
- If you’re transferring, viewing or processing information outside the EU, certain checks have to be put in place and agreements, in turn, listed within your policies or notices. If you’re a company not based in the UK or within the EU, you will need to appoint representation within the EU economic area.
- Something to consider: depending on UK classification by the EU, representation in one of the other 27 member states will become a legal requirement.
We are currently seeing a lot of phishing attempts purporting to be HMRC tax refunds, so in the age of digital disruption businesses need to be scanning the horizon for cyber threats on an ongoing basis.
We’re coming to the end of the transitional period, so the Information Commissioner’s Office is likely to be tough on businesses that can’t show sufficient control and protection over the data they own – especially in the light of a breach. This could result in fines of up to four per cent of an organisation’s global turnover or £17.5m (whichever is higher), so businesses must continue to make sure they are compliant.
In addition to fines for lack of compliance, businesses that aren’t on top of their security face very real risks from socially engineered attacks like ransomware and other targeted, advanced assaults. This could mean lost revenue or customers, but the reputational damage can be beyond repair, with a serious breach ruining a business.
Why this is important.
It is a minefield, so why not take up a free review and consultation with one of our experts who can highlight what it is you need to comply with data protection rules?