The unexpected decision for the UK to Brexit the EU recently will require all businesses to adjust their approach to Data Protection.
The fundamental issue for most business will become how data protection will be governed in the UK going forward and over the next five to ten years.
Prior to the Brexit vote, most of European Businesses were gearing up to adopt the EU Data Protection Act (DPA) that is scheduled to replace the existing legislation on the 25th of May 2018. This was designed as an overhaul of the existing laws that have become weaker than the regulators would like. The new laws introduce much stronger data governance and management requirements and lead to clearer data protection responsibilities, more opportunities for personal claims for damage following a data loss, more stringent requirements for organisations, such as IT cloud providers, tighter rules on transferring data outside the EU and greater penalties for data breaches.
The UK Brexit vote and the unknown timescales and process (which could take years) will have significant implications for UK businesses that use data on a day to day basis.
There has to be the prospect that the UK does not adopt the DPA along with the rest of Europe. This could cause significant issues for businesses that need to transfer data between the UK and EU destinations. Red tape looms along with higher costs and lower operational efficiency.
These issues and changes may leave the market with a difference of opinion over the commercial viability of working with UK companies operating outside of the DPA than those within the EU operating within it. That could form the basis of a competitive advantage for EU based companies.
What is important is that companies, especially those transferring data across jurisdictions, consider how the data protection legislation will affect them. Data governance and security is a part of a business strategy and risk mitigation is a crucial aspect to protecting your business.
No comments:
Post a Comment