toriglobal.com

Will BREXIT save you from the European Union’s onerous new data protection rules?

The European Union’s (EU) General Data Protection Regulation (GDPR) comes into effect on 28 May 2018 and will immediately impose arduous new obligations on any organisation possessing data belonging to EU citizens.

The GDPR will require organisations to obtain an individual’s explicit consent before the organisation stores or uses (processes) data relating to that individual (the data owner). An organisation will no longer be able to rely upon the implied consent of a data owner. This requirement will have a substantial impact on the development of systems and software, as organisations will no longer be able to use ‘real data’ by merely ‘data masking’ confidential data components.

Organisations already face great difficulty in retrieving, restoring and making available data that is potentially distributed across the organisation (onshore/offshore data centres and cloud). The GDPR will require organisations to freely provide data owners with a copy of all their data in a commonly readable format to allow for data portability. A data owner may also exercise their “right to be forgotten”, whereby the data owner withdraws their consent to an organisation holding or using their data, and the organisation is required to erase all of the data owner’s data.

Where an organisation suffers a data security breach, the GDPR requires it to notify its supervisory authority within 72 hours of becoming aware of the breach. The notification to the supervisory authority must:

(1) describe the nature of the personal data breach, including the number and categories of data subjects and personal data records affected;
(2) provide the data protection officer’s contact information;
(3) “describe the likely consequences of the personal data breach”; and
(4) describe how the controller proposes to address the breach, including any mitigation efforts.

There are also requirements to notify data owners where it is determined that the personal data breach “is likely to result in a high risk to the rights and freedoms of individuals”.

Post-BREXIT - why the GDPR still matters to United Kingdom (UK) organisations

The UK service sector accounts for almost 80 per cent of the economy. At the core of the service sector is data and the free movement of data across national boundaries. Tiny disturbances in the flow of data across the single market can have major consequences, not only for individuals, but for UK organisations and the economic stability of countries.

Post-BREXIT, if a UK organisation wishes to trade or carry out business with an EU organisation, it will need to implement and comply with GDPR requirements or face a range of negative consequences, including loss of trade and business within EU member states, added costs, and additional trade and business complexities.

The UK will soon be a country outside of the EU, but UK organisations still need to consider foreign laws and regulations, such as the GDPR, and develop forward-thinking business and technology strategies. This will ensure compliance with foreign legal and regulatory requirements, and allow them to continue uninterrupted trading and business growth.

Costas Liassides is a Senior Technology professional with over 25 years of experience, in-depth knowledge of technology and technology trends, and the application of IT to support and drive business strategy.

Telephone: 0207 025 5555