As the UK awaits the result of the key Brexit vote this evening, the question of post-Brexit GDPR is rising in business’s minds.
If the vote tonight fails to pass, it will significantly increase the chance of the UK leaving the EU without a Brexit deal. And if this happens, post-Brexit GDPR will still apply in part, but some aspects of the law will require different handling by businesses.
This change is causing growing concern among businesses, according to Martin Warren, Cloud Solutions Marketing Manager EMEA at NetApp.
“A recent NetApp survey revealed that almost a third of SMBs (30%) believe GDPR worries will be eclipsed by the new data sovereignty concerns created by Brexit,” he said, adding that many businesses are still not meeting the requirements of GDPR, despite it being almost a year since the law came into force.
Get your data in order ahead of post-Brexit GDPR
With so much uncertainty, Warren urges businesses to get their data in order now so that they can respond to any changes brought about by Brexit – be they minor adjustments to post-Brexit GDPR or a complete overhaul of the law in favour of a stricter approach.
“It is vital that UK businesses know exactly where their data sits and that it’s being correctly managed, based on current legislation but also impending changes that may occur as a result of the UK leaving the EU,” he said.
“We can view the GDPR as a test run for future regulatory changes – those who have their data in order will automatically face Brexit from a stronger vantage point.”
This is particularly important when it comes to data being handled by third parties.
“If data is in the hands of a third-party, then businesses must ensure that the companies concerned are compliant with the necessary data protection and industry regulations. A stringent data management MOT checklist is essential to keep their houses in order, to both keep up with current regulations and to prepare for any changes that may arise from a no-deal Brexit,” said Warren.
“This will include, for example, ensuring that the cloud service providers tasked with managing a business’s data, or any other company based outside the UK – or with data centres and operations outside the UK – are compliant. It is up to each business to know where and which country their data resides in – and there is no room for complacency.
“It means more than just knowing where all your data sits, including backups and DR copies, but having control over that data so that businesses are able to react nimbly when needed. This is important in a situation where data is either not being handled correctly, or when a business needs to respond quickly to regulatory changes with a shift in their data management strategy.”
Whether the UK leaves the EU with a deal or crashes out in a no-deal situation, data management needs to be a priority for businesses that do not want to fall foul of the law.
“Regardless of the Brexit outcome, data management needs to be front of mind – there’s clearly more to be done in terms of GDPR compliancy and for those still playing catching-up Brexit could present a bit of a marathon,” he said.
“It’s time to warm-up. All stakeholders must work collaboratively across businesses to ensure their data management is water tight.”