Gary Hibberd

20190730

In 2018 mention the acronym GDPR and you would have been ostracised at business events and thrown out from parties (possibly with good reason).

However, mention GDPR and Brexit in the same breath and you’d have been driven out of the community, and possibly ‘tarred-and-feathered’! But with all the confusion around Brexit, that’s a conversation we’re going to have to have.

Data Flow

Let us start by saying that the GDPR was much needed, as the previous regulation (within the UK) hadn’t had a serious overhaul since 1998, pre-dating the birth of social media, mobile phones, and much of the digital economy we live with today.

The intention of the GDPR was to “harmonise the protection of fundamental rights and freedoms of natural persons in respect of processing activities and to ensure the free flow of personal data between member states.”

The problem is that come October 31 (we believe) we’ll no longer be one of the member states, and therefore, worryingly, the rules around the free flow of personal data get a lot less ‘free flowing’ and could become a lot more murky and uncertain.

Those of us who have worked with the GDPR (and data protection in general) welcomed the idea that data could (like humans) travel to member states with little or no paperwork involved. This allowed businesses to thrive and to operate in markets that were perhaps previously closed to them. However, with this new level of complexity comes (potentially) a whole new level of bureaucracy that could stifle businesses.

Don’t shoot the messenger

But it’s not just us saying this. The new CBI Report on Brexit is also fearful of a No-Deal-Brexit, and what it could usher in for the UK and the economy.  The report details many aspects of the impact on the UK and Europe, and only one of these issues/concerns relates to the free flow of data.

Other concerns relate to movement of goods, tariffs and taxation, Northern Ireland, and global relations. Is it a cheery read!? No, definitely not. But should it be read? Absolutely.

Whether you’re a ‘Remainer’ or ‘Brexiter’(?!), it really doesn’t matter now. There is a lot of confirmation bias around Brexit, but I don’t think any of us can now doubt that the time to delay planning is gone. Indeed, that boat has sailed from our shores and none of us are on it! What we need to do now is start planning (OK, arguably we should have been doing that over 2 years ago, but better late than never!).

Contingency Plans

At Cyberfort we have specialists who have helped organisations large and small, national and international, prepare for the things they don’t really want to think about. Everything from industrial action, pandemics, data outages, data loss/corruption through to natural disasters and economic and social unrest.  

The CBI Report is calling for a better contingency plan, or at least some form of one, to be drawn up. The recommendations, of which there are over 200, are sound advice for the UK Government and EU Parliament. So I hope they’re listening.

But our question to you is: are you listening too? Have you started to plan for a No Deal Brexit yet? If not, why not? What are you waiting for?

And before anyone states ‘Hey, I don’t deal with Europe’, I’ll have to assume a number of things. Firstly, that you have checked that all your software providers (Google, Amazon, Microsoft, Sage, Xero, Salesforce, HubSpot, Slack, etc.) are housing your data (and that of your employees, customers, clients, etc.) in UK data centres.

Secondly, that where data is housed in locations outside of the UK, you have audited the providers’ technical and organisational security measures (and can evidence this) and/or put in place additional security controls, including Binding Corporate Rules (BCRs) for intra-organisational cross-border data transfers.

Conclusion

Now, the above isn’t meant to scare you. It’s meant to alert you to the fact that you need to take action today.  Will you get it 100 percent right? No. Will it be perfect? No. But as George S Patton once said: ‘A good plan violently executed now is better than a perfect plan executed next week.’

Contingency planning isn’t hard, but it’s not easy either. It takes you out of your comfort zone and makes you think the unthinkable.  

Considering moving your data to a UK data centre might sound hard, but there are experts out there who can help you. We know because we’ve employed many of them at Cyberfort, and they can talk to you about this.

Putting in place good policies and practices to protect personal data might sound difficult, but there are also experts within Cyberfort who love doing this and can make the whole process easier for you.  Not just from a technical perspective, but from a business one too.

To conclude:

  • Having a plan of action costs nothing.
  • Acting on the plan does have a cost.
  • But the cost of doing nothing isn’t worth thinking about. And for me, that’s even scarier than a party full of GDPR and Brexit enthusiasts!

Good luck.
