How Brexit Could Affect Information Security In the UK
With large-scale data breaches often in the headlines and with GDPR due to come into force in May 2018, what effects will a post-Brexit UK have on the work of information security professionals and those charged with protecting company data?
The UK Brexit vote is a statement of intent (as Article 50 has not yet been triggered) that will have many implications, one of which is likely to be a change where data security is concerned.
Here are some insights into the possible post-Brexit implications for information and data security in the UK.
GDPR Will Still Apply Here.
Several Options For Data Protection Law Models.
Changes for the ICO?
Until Brexit, the Information Commissioner’s Office (ICO) looks likely to remain part of the Article 29 Working Party, a body of EU data protection authorities. It is not yet clear, though, how the ICO will participate in the European Data Protection Board, which is the successor to the Working Party under the GDPR.
If Brexit occurs without the UK joining the EEA, data transfers from Europe could be affected. The UK could end up having to implement something similar to GDPR anyway in order to gain adequacy.
UK access to law enforcement data could be adversely affected by Brexit due to mistrust of the UK’s surveillance powers and laws by other EU countries. This could mean that the UK may have to negotiate data transfer agreements with other EU countries (which may still include Scotland).
What Does This Mean For Your Business?
Until a definite direction for post-Brexit data protection laws is settled upon (which could take years), businesses can only act on what looks certain and/or highly likely.
We know that GDPR will apply anyway, and other models we could follow are likely to be quite similar to GDPR. Given the relatively limited time until GDPR comes into force, it seems that the best course of action is to keep preparing for it.