There is a general air of uncertainty surrounding what happens under Brexit, and GDPR policy is no exception.
GDPR Policy after Brexit
The UK is set to leave the European Union on January 1st 2021; yet, after two years of negotiation, we are still none the wiser as to what this actually means. Businesses that deal with the EU are equally confused, especially about what this means for GDPR policy. According to the UK government, GDPR will remain part of UK law and should be complied with following our exit from the EU. Even so, it is advisable for businesses to check their procedures for handling personal data.
What is going to happen to our personal data?
The EU is conducting a data adequacy assessment of the UK. If the EU grants positive adequacy decisions by 1 January 2021, personal data can continue to flow freely as it does now, without any action by organisations. With only weeks to go, the EU has yet to decide whether it accepts that the UK’s data protection regime is still adequate.
No Changes – For Now
Although nothing much is changing at this stage, industry experts highlight the need for companies, especially small businesses, to ensure that their data protection procedures and data transfers are compliant. As companies have adjusted to match a new market, they may not realise that some of the procedures they use when sharing customer data are not compliant with UK data laws.
James Tilbury, Managing Director at leading IT support company ILUX, comments: “How the EU will respond with their opinions on our current data standards…will…only [affect] those who share data with EU countries. In the UK, things will not be changing and GDPR law remains ingrained in our data procedures.”
As well as checking how they share customer data, businesses need to make sure that their cybersecurity is up to date. Cyber threats are not exclusive to larger companies, and a data breach can be costly for a small business. Research carried out earlier this year highlighted that 1 in 10 of those working from home did not feel that they were GDPR compliant. With working from home as the “new normal”, companies need to be alert to the need for adequate cyber defence and protection against threats. This should include specific employee training and updated GDPR communication for all staff.