No Brexcuses: GDPR preparations must continue

Chris Russell

Chris Russell

Whether or not you voted for Brexit and whether or not you believe it’s a done deal, there’s one thing post-EU Referendum that surely isn’t up for debate. For British companies wanting to trade with Europe, the bureaucracy of Brussels isn’t going away – and that applies in particular to data protection, writes Chris Russell.

Some business people may well have heaved a sigh of relief on Friday 24 June at the very thought that the General Data Protection Regulation (GDPR), the tough new European data protection regulation that was adopted in April 2016 and comes into force in May 2018, would no longer apply in the United Kingdom. That idea was based on the premise that the important thing is where the data’s stored.

Unfortunately, that’s not true under the GDPR. What matters is whether the data concerns EU citizens, irrespective of where it’s stored.

Current UK data protection legislation comes from the Data Protection Act 1998, itself based on the 1995 Data Protection Directive. That will be superseded in Europe by the GDPR less than two years from now. In other words, even if Article 50 were notified right now, the GDPR would come into force before the Article 50 two-year post notification period runs out.

As the GDPR is a regulation and not a directive, it doesn’t require enabling national legislation to become law. That means it will apply here in the United Kingdom, whether we like it or not.

Even once Brexit is fully negotiated and implemented, the chances are that the UK will either have to comply with the GDPR or implement data protection legislation of its own that the EU deems adequate (ie the same or very similar) if it wishes to keep trading with the European Union. This is likely to be equally applicable to the Network and Information Security Directive which has until May 2018 to be implemented in national law.

Making a serious mistake

If UK businesses have any ambition to continue selling to their European customers, viewing Brexit as an opportunity to side-step data protection obligations is a serious mistake.

Despite the GDPR’s short-term disruption, the regulation is likely to have a positive impact on the data security industry. It will accelerate the modernisation of Europe’s data security practices and enforce consistency of approach between EU Member States.

Nonetheless, it will require European businesses of all sizes to take a very close look at their security, including those in the UK.

From both the commercial and practical perspectives, preparations must continue. Regardless of what they make of either Brexit or the GDPR, businesses in the UK have no choice but to keep pace with the regulation.

Chris Russell is CTO at Swivel Secure

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts