Many of Britain鈥檚 data professionals mistakenly believe the decision to leave the European Union means they will no longer be affected by impending EU data regulation.
The EU鈥檚 General Data Protection Regulation is due to come into force in 2018, when Britain鈥檚 exit will not yet be complete.
And聽even after Brexit, UK businesses will still have to comply.
鈥淭here are some misconceptions around the impact of Brexit on the many thousands of organisations responsible for storing and managing sensitive personal data,鈥 said John Cassidy, VP EMEA at Ground Labs.
鈥淲e have discussed the issue with a number of UK businesses that believe if Britain leaves the EU then the requirements of GDPR will somehow be overridden.
鈥淭his is entirely unfounded as the risks of ignoring the new global data regulations will remain.鈥
A legal聽expert told a 老九品茶Cloud Internet of Things聽roundtable before the Brexit vote聽that the EU regulation will still have to be adhered to if Britain opted out – and that consent for data to be collected and used by companies will have to be explicit rather than vague in 2018 and beyond.
Any business that stores, transmits or processes personal information has a duty of care to ensure this sensitive information is secure and safe.
Prior to Brexit, the GDPR was gaining momentum in the UK as a Government-driven regulation that businesses must comply with or face substantial penalties in the event of personal information being lost or stolen.
One critical area is in terms of customer retention. UK companies with customers within the EU will need to ensure that they are GDPR compliant if they want to continue trading with those customers.
鈥淥ne common misconception is that the GDPR applies to companies within Europe, but it鈥檚 actually designed to protect European consumers,鈥 added Cassidy.
鈥淭his means that if you are handling even one European customer鈥檚 personal information, you are tasked to handle his information in line with the GDPR, or face the consequences.鈥
As uncertainty over the economic implications of Brexit are likely to continue until a trading agreement has been established, ensuring full GDPR compliance could now be more complicated than before the EU vote.
There is also a potential grey area over the applicability of GDPR for UK businesses dealing with EU citizens based within the UK.
Cassidy said:聽 鈥淭here is some evidence to suggest that for UK organisations, the timetable for compliance has moved forward.
鈥淏y leaving the EU, the demonstration of compliance could be a longer, more involved procedure for those companies affected.鈥