final thought
Whilst it may be
tempting for UK-based companies
to disregard these regulations on
the basis of Brexit, it would be
misguided to do so.
A question of compliance
Even though UK businesses will no
longer be bound by the GDPR by
default, any incarnation of a UK-EU trade agreement would likely
involve adherence to the GDPR as a
prerequisite. In fact, for companies
reliant on the open flow of data
between the UK and EU, it may
even be advisable to ensure that
data protection is on par with, or superior
to, the requirements set out in the
GDPR. Doing so would minimise
the risk of scaring away foreign
investment and quell any uncertainties
about data security.
This is because there is no
guarantee the EU would accept
a new UK-centric data policy, and
any adequacy assessment of new
regulation would almost definitely
reflect the new GDPR regime, and
not the EU directive that is in place
today. The fact of the matter is
that a ‘Brexit’ is not likely to make
compliance with data protection law
in the UK any easier. So how can
organisations future-proof themselves
from a data security standpoint?
Taking action now is the most
important thing. As the saying goes,
to be forewarned is forearmed. Begin
the process of revising IT strategies
as soon as possible to avoid being left
behind. It could also be key to gaining
a competitive advantage over rivals.
The best way to achieve
compliance and beyond is to
ensure that your organisation has
a comprehensive security stack
in place which comprises, at the
bare minimum, antivirus, breach
detection and modern endpoint
backup tools. This serves the dual purpose
of defending against data breaches
and allowing you to detect and mitigate
the damage caused by any potential
breach as soon as possible. With the
right solutions in place, along with a
clearly communicated security policy
for staff, your company is in a great
position to do business across the EU
– whatever the future holds.
[Image caption: The process of extricating the country from Europe will not be a simple one.]
A couple of key elements of GDPR
requirements on an organisation relate
to the remediation of any breach and
reporting of such a breach. Failure
to comply with either of these within
a short space of time can trigger
those same fines. This means that an
organisation must be able to detect a
breach and report to both the individuals
affected and the authorities what
happened, how it happened and how it
has been fixed.