Britain’s decision to leave the EU has sent the political and business worlds spiralling into uncertainty. With no one able to paint an accurate, or even probable, picture of what Britain will look like outside the EU, making forward-looking decisions has become more difficult than ever.
That said, there are some things we can still treat as certainties, and one of them has a direct effect on my industry: ICT.
If you work in cyber security and your organisation is a UK-registered business, you will almost certainly have heard of the new data protection rules, the General Data Protection Regulation (GDPR), which were agreed in Brussels in 2015 and come into effect in 2018.
Considerably tougher than the existing UK Data Protection Act 1998, much of the new legislation focuses on the responsibilities organisations have towards the people whose data they hold. For example, businesses will be obliged to erase personal data when an individual exercises their right to be forgotten, and where they rely on consent as the basis for processing, that consent must be a clear, affirmative act rather than something implied from silence, pre-ticked boxes or inactivity.
Similarly, businesses will have a duty to provide individuals with their own data in a structured, commonly used and machine-readable format so that they can, should they wish, transfer personal data from one service provider to another.
It will also be mandatory to notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach, and, where the breach is likely to result in a high risk to individuals’ rights and freedoms, to tell the affected individuals themselves, without undue delay, what has happened and how it affects them.
The additional red tape and extra functionality that GDPR compliance requires may encourage some board members to take the view that, since we will be leaving the EU, the rules won’t apply to us, and that this is a good thing: fewer compliance requirements mean less stringent security and bureaucracy, and that will save money.
Unfortunately for these individuals, that is not going to be the case. GDPR applies to every entity that holds or uses the personal data of people in the EU, whether that entity is established inside or outside the EU. So unless you have no dealings with people in the EU at all, and neither offer them goods or services nor monitor their behaviour, the regulation will still apply to you.
Breaching GDPR exposes your organisation to fines of up to 4 percent of global annual turnover or €20 million, whichever is higher, so it is important that you become compliant.
Observato can help your business conform to the new regulations. By collecting all user data, collating it in one place and presenting it in a readable format, we provide a simple way to show individuals what data you store about them. And since Observato tracks every change made to data in real time, rather than relying on 24-hour backups, it becomes easier to spot unauthorised changes and data breaches as soon as they happen.