Veritas privacy boss Mark Keddie has warned that with Boris Johnson today saying that the UK must be prepared for a no trade deal with the EU, the question of data migration becomes urgent again for businesses everywhere.
Both the EU and the UK government have suggested, however, that a deal could still be done. But with the outcome of the UK-EU Brexit trade negotiations is still uncertain, and two-and-a-half years after the GDPR came into force, businesses must now return to the challenge of understanding their data flow.
Keddie said that action was going to be especially important for organisations that might have taken their feet off the pedal over the last 30 months, thinking that their work was done.
“Some watchdogs, such as the ICO in the UK have issued only limited fines and even pledged leniency during the COIVD pandemic, which could have lulled organisations into a false sense of security. It’s important for those businesses to recognise that action will soon lie in the hands of international watchdogs, many of which have been more willing to bare their teeth”, he said.
Since the introduction of GDPR, EU data regulators haven’t been shy to flex their enforcement muscles for GDPR non-compliance. Even taking COVID-19 leniency into account, recent fines have remained in the region of millions of Euro/Pounds. Brexit could be a painful reminder to some organisations that evidencing data compliance is high on the agenda of many, if not all, of the European Data Regulators, and not a one-time exercise, he said.
Even if a broader UK-EU trade deal was agreed, then the UK may still not receive a positive adequacy finding for some time which will have an immediate impact on the free flow of data from Europe to the UK. Understanding the lifecycle of personal data, including geographical flows will become mission critical to ensuring the compliant use of personal data for all businesses operating in Europe, Keddie said.
If a deal is agreed, the work around data diligence is seldom wasted. As we saw two-and-a-half years ago, those companies that embraced the opportunities offered by the GDPR to drive business and process transformation to get the very best from their personal data will be the real winners post Brexit, Keddie said.