Forget hard borders, consider the invisible ones - Rashmi Dube

Times call for extra dilligence
Times call for extra dilligence
Have your say

Do you have personal data within your business?  It is highly likely that the answer is yes. Have you complied with GDPR – yes …. but why I am bringing this all up again given all the hoops businesses had to go through in order to comply?

Well the sand in the egg timer is running out and we are rapidly approaching a no-deal Brexit which will instantly disrupt the UK’s global data hub. To date, there has been an emphasis on the ‘hard’ borders – products and people inflow and export but what of the invisible border and data? Since the introduction of the internet and digital economy, there has been a free flow of data within the EU.

Business conditions are tough

Business conditions are tough

With no deal, there will be a massive cost consequence for sectors such as finance, hospitality, manufacturing and technology. The disruption could be enormous.

A couple of weeks ago a new report was published by University College London (UCL) stating that a no-deal Brexit would disrupt the free flow of commercially valuable data between Europe and the UK. The report highlights concern about how far this oversight could damage the UK economy.

The report states “…services comprise 80 per cent of the UK economy, and disruption to EU-UK data flows could be as economically damaging as disruption to trade in goods…” The report goes on to say that “… revenue of around £174bn generated for the UK as a key hub in the global movement of data will be almost instantly at risk in the increasingly likely event of a no- deal Brexit”.

The real issue here is that most companies, if not all, use IT and the internet for all aspects of their business. It is a way to communicate with colleagues, customers and partners, together with being vital for the management of money.

GDPR remains in the spotlight

GDPR remains in the spotlight

Most of us in business will feel irked and frustrated. We have just implemented GDPR and that was both time consuming and costly. It can be said that that data was cleansed but I am sure a lot of us feel we “lost” some data during the process. What we now find ourselves in is yet another “compliance” requirement so soon after GDPR.

Having spoken to a number of companies, they have all confirmed that more resources, money and time are being thrown at this situation with no clear guidance on what is going to happen.

Some guidance is being offered by the Information Commissioner’s Office (ICO), but without a special dispensation from the EU after Brexit called an “adequacy agreement”, companies receiving data from the EU could find themselves facing huge extra legal bills to ensure compliance.

The UCL study says: “This requires companies to direct immense costs and resources towards enabling [previously unrestricted] data transfers.” The UCL experts say it is far from certain that an “adequacy agreement” would be made because of concerns about a lack of data protection rights in the UK post-Brexit and the potential for “unprotected onward data transfers”, particularly to the US.

The average business may think “well I don’t import/export data,” but the question here is have you checked? Do you know who your suppliers are? In the absence of any grace period or agreement, let’s not forgot that the European Commission has the power to issue a fine of 20,000,000 euros, or 4 per cent of a company’s global annual turnover for breach.

The help at present can be seen in the ICO guidelines which are:

Continue to comply with GPR and DPO

Review data flow to the UK – where are you receiving your data from?

Review what data you are sending outside the UK.

European operations – operating in Europe you will need to review your structure, process operation and data flows. An assessment of the UK’s exit from the EU should be carried out to understand how data regimes apply to you

Review your privacy documentation in light of leaving the EU

Ensure that key people within the organisation are aware of these key issues and include them in the planning stage.

The long and short of it all is any business that has data is likely to be importing and exporting along those invisible lines. Act now to at least review the situation and become aware of what you could be risking – welcome to the brave new world.