DCN September 2016 | Page 44

final thought

CONTINENTAL DRIFT

Nic Scott of Code 42 discusses the issues surrounding data protection and, in the wake of the EU referendum, how UK companies should respond.

It is official – Brexit is happening. Due to the outcome of the EU referendum, Britain will be taking its leave of the EU. This highly contentious political battle was decided by an extremely narrow margin, with 52 per cent of British voters opting to leave, and 48 per cent choosing to stay. The momentous decision has sent shockwaves through financial markets, leaving the pound significantly weakened in its wake. Yet despite the deluge of articles penned about Brexit, the outcome of the vote still poses more questions than answers, including for CIOs and CISOs.

We are entering a period of uncertainty here in the UK and the process of extricating the country from Europe will not be a simple one. In fact, it is likely to take place over a period of years, as the terms of departure are worked out. However, one thing has been made clear by the UK’s political leaders in the aftermath of the referendum – Britain will still seek to participate in the EU Single Market.

Staying in the Single Market

The EU Single Market operates on the principle of a sole territory without borders or regulatory obstacles to the free movement of people, goods and services. As the UK will no longer be bound by the same legislation that member states are held accountable to, the specific terms of its involvement with the Single Market are yet to be established. To gain an understanding of how this is likely to work out, we can look at examples of countries such as Norway and Switzerland.

These countries form part of the European Free Trade Association (EFTA) and have separate trade agreements with the EU. In order to maintain these, however, Norway and Switzerland must abide by the majority of EU trade regulations and laws. We can expect the UK to participate in a similar arrangement – but what effect will this have on the IT department?

The GDPR reality

The UK economy is heavily reliant on services, which account for nearly three quarters of its annual turnover. It is also a burgeoning digital economy, with 10 per cent of GDP accounted for by digital industries. So Brexit, as well as any subsequent trade agreements, is likely to have a significant effect on how IT departments devise and implement InfoSec policies. Adding an extra layer of complexity is the fact that the EU is in the process of updating its own data security regulations.

The General Data Protection Regulation (GDPR) is set to come into force on 25th May 2018, replacing fragmented, country-specific legislation around data protection. One of the key stipulations of the legislation is that companies are liable to pay heavy fines in the event of a data breach, if they are deemed not to have done enough to safeguard customer information. For instance, GDPR requires an organisation to remediate and report any breach to customers within 24 hours.

As a result, an organisation must be able to detect a breach, report both to the individuals affected and also the authorities what happened,