Boris Johnson 'Signing In' to Downing Street
Just when many people thought it was safe to raise their heads from the GDPR parapet, we are faced with a situation that could be even more pressing than the run up to May 2018, the date GDPR first came into force, writes Dan Harding
With Boris Johnson confirmed as the UK’s new Prime Minister, his hardcore stance on Brexit has been made blindingly obvious during his leadership battle. As far as he is concerned, there is no compromise to be had.
But, aside from the many questions this stance raises with Brexit, it could also create a whole new world of issues and potentially pain around General Data Protection Regulation (GDPR).
This is after many companies and organisations across the country felt they could breathe a sigh of relief after getting all their GDPR ducks in a row. Or so they thought. Brexit could well be a gamechanger.
Once we are out of the EU, and if Johnson has his way it will be with a no deal come 31 October, companies that believed they were compliant under the guidelines could now find themselves back to square one, because we have no way of knowing if the EU will recognise the UK as being GDPR compliant after we leave.
It is an issue that many organisations will not even be thinking about right now, because for so many of them and their customers, they are still working out how to become GDPR compliant in the first place. But the goalposts could well be moving very soon, and firms need to be aware of that and must start taking precautions.
After all, as promised, the EU has already starting heavily fining organisations that compromise their customer data. In just the last few weeks we have seen British Airways and the Marriott Hotel chain fined almost £300m between them by the Information Commissioner’s Office (ICO) over data protection breaches. Although both companies are appealing the decision, these cases could just be the tip of the iceberg.
For us at Sign In App, GDPR was and still is a huge deal. We have ensured that all our UK customer data is stored in the UK, exactly where it should be; but there are many schools for example – one of our key markets – that will have their data stored in datacentres all over the world. And this could lead to problems post Brexit.
We personally are already having to sign agreements and go through lengthy processes over Ts&Cs with new clients before the prospect of a hard Brexit even becomes reality. But it is something that cannot be ignored and needs to be discussed at every level and at every stage of a business relationship.
How many companies with both local, and international clients are thinking ahead and ensuring that data is stored in a compliant location post Brexit? What will it mean for those that don’t consider this issue now? Will they face huge fines in the future? Everything is still very much up in the air, but it doesn’t mean it shouldn’t be a consideration from this point on.
The point about GDPR, while leaving a bitter taste in many mouths, is it actually has made a difference in terms of respecting the privacy of individuals and companies, which in the eyes of many has made it a successful strategy.
On a more positive note, this situation could also be turned into an opportunity for those companies that are agile enough to get ahead of the game and pre-empt what could happen with data protection laws post Brexit.
It is something we at Sign In App are already working very hard to achieve with our clients to ensure we stay one step ahead of this ever-changing issue. You can never be too careful.
Neither we, nor our customers can afford a significant fine pre or post Brexit. Can you?