Brexit will not trump the EU GDPR
As the months draw ever closer to the inception of the EU GDPR, a revolutionary piece of legislation that will alter the way global business handles data privacy and IT/cyber security, there may be a question as to how, if at all, Britain’s exit from Europe will impact the effects of the directive on UK business.
While some may be viewing Brexit as the lesser of two evils in its potential ability to mitigate the effects of the GDPR directive, the truth is not so straightforward. The same financial predicament incurred by European companies and any global business handling data belonging to clients living in the EU will also fall on UK businesses. Though the fallout from Prime Minister Theresa May’s triggering of Article 50 has seen various economic and political consequences already manifest, the full exit of Britain from the EU may take quite some time. Thus Britain will likely remain an EU member until May 2019, a full year after the GDPR directive is set in motion, and will adopt the directive along with everyone else.
A recent YouGov survey shared a worrying statistic that less than 30% of UK businesses had begun preparing for the coming regulatory changes. So, for those businesses that have not yet assessed their compliance with the coming regulations, now is the time to get prepared. Self-awareness in business is key as small and medium enterprises, in particular, must set aside time to evaluate any privacy risks associated with business processes and activities to determine where they may miss the criteria for compliance with the GDPR ruling.
Involving your company’s IT department as early as possible is one important step businesses should be taking, as some preparations may be as simple a matter as tweaking databases. However, though some organisational changes will be speedy, others may require lengthy and expensive modifications to infrastructure, and the longer businesses take to attend to these changes, the greater the risk they expose themselves to when the GDPR directive takes effect.
The demand for cybersecurity professionals will only increase in line with the coming legislation, making the already concerning cyber skills gap increasingly pertinent. With many organisations having to add a data protection officer to their payroll to ensure a business’s data protection policies and procedures are in line with GDPR guidelines, knowing which key areas of cyber security employers are looking to hire in is relevant for those looking to move into the area, upskill from a traditional IT role or further their career path in cyber and IT security.
Cyber security jobs in the UK and Europe particularly need individuals with skills and experience in cloud security ahead of the new regulations taking effect. To ensure they are compliant, companies are having to assess both their software, which must be up to date, and the risks posed by the ever-popular remote workforce. With more and more employees making use of cloud technology to share and collaborate on projects across smartphones, tablets and laptops, vulnerabilities across an organisation’s infrastructure, processes and controls are heightened. So with the EU GDPR stamping down on data protection, relevantly skilled individuals are required to protect the assets, data and reputation of companies ahead of the May 2018 deadline.
The recent WannaCry attack has also raised the need for those skilled in disaster recovery and malware in order to raise awareness of the very real threat of cyber-crime, which has reared its head and continued to spread the more dependent businesses have become on technology.
Lack of information and awareness surrounding the GDPR and who will find themselves affected has been revealed as the main driver behind this unpreparedness, with some of those in decision-making roles unaware of the new rules, others uncertain of their impact on their sector and a staggering 71% of those surveyed unaware of the fines faced for not complying with the directive. With the prospect of being out of pocket 4% of your annual turnover or up to €20 million (whichever is higher), remaining oblivious to the very real implications of the changing EU legislation could cost an organisation more than just its reputation.
So, Brexit notwithstanding, UK businesses need to bone up on the guidelines laid out by the EU GDPR, and soon, because, sovereignty or not, Brexit will not serve as a get-out-of-jail-free card should a data breach occur.