Just over two weeks have passed, and many businesses are still trying to address the elephant in the room: what happens now, post-Brexit?
From a data protection perspective, here’s what we’ve discovered. As most business owners are aware, an EU regulation (the General Data Protection Regulation, or GDPR), was due to replace the UK’s Data Protection Laws, starting May 2018.
So what impact will the EU referendum have on the UK’s data laws during a period in which the UK will be negotiating its EU exit? In short, there’s no certainty.
However, there is plenty that your business can do to prepare for the most likely outcome.
Following a statement from the Information Commissioner’s Office at the close of last week, we do know that that clear laws and safeguards are needed more than ever in a growing digital economy and it is likely the ICO will be presenting the view that the reform should still go ahead.
Information Commissioner, Christopher Graham, stated:
“With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations and to consumers and citizens.”
“The ICO’s role has always involved working closely with regulators in other countries, and that will continue to be the case.”
Esendex is a part of this growing digital landscape and we recognise the importance of compliance. After all, even in the aftermath of Brexit, the UK will not be without a Data Protection law – our Data Protection Act will also need updating to effectively meet the business needs of companies processing personal information in the 21st century.
A separate statement by the ICO replicates that sentiment:
“We still think our plan of what guidance to expect and when remains useful. This is because once implemented in the EU, the GDPR will be relevant for many organisations in the UK – most obviously those operating internationally.”
So what can your business do to prepare?
We’ve broken it down into five key takeaways:
1. Knowledge and understanding
If you may have employees within your company who are unaware of the Data Protection reform, or fundamentals of the UK legislation itself, it could cause compliance risks. Raise awareness of the current UK legislation and consider the implications that the GDPR could bring. Irrespective of EU membership uncertainty, leaving preparations until the last minute could see your business suffer.
2. Compliance and consent
How is your business collecting, storing and recording data consent? There are references to ‘consent’ and ‘explicit consent’ in the GDPR. How does your business define consent: is it implied, opted-in or inferred from inactivity? If you can’t demonstrate that consent has been given in the first instance, it’s time to start looking at your processes for obtaining it.
3. Data storage
If you can’t track or find where your data came from or with whom you are actively sharing it, across departments or with third parties, then an information audit is necessary. The GDPR looks set to reinforce both privacy and accountability.
4. Third parties
Data storage also ties in neatly to third party sharing. If you are sharing your customer’s data with third parties, to process the data you have collected on your behalf, are you aware of how they will achieve this? Esendex offers complete transparency in our data protection practices; we will never interfere with your customer’s data or adopt it for our own use. Our ISO 27001 accreditation also gives you assurance that the information we process for you is handled securely. Investigate the processes of those with whom you share data to ensure they maintain your standards, the standards of UK legislation and potential EU reform rules.
5. Individual rights
Do your current processes cover the rights of individuals in terms of data access in reasonable requested formats or procedures for erasing data held? How easily do your current systems and processes enable you to handle individual data requests? Data portability is one aspect of the GDPR that you may want to action.
To learn more about our security standards or about any of our products or services contact our team on 0345 356 5758.