Rolling on the river

storageage 

Change is coming 

GDPR is set to shake up current data protection laws, and it is imperative 

that businesses embrace these new regulations in order to survive 

T 

he UK felt the rumblings 

of a seismic socioeconomic 

and political 

shift this year. On 23 

June, the British public voted – 

narrowly – for the UK to leave the 

European Union. 

Brexit chaos ensued, the prime 

minister resigned, the pound fell, and 

protests and petitions gained traction. 

Change is very much on the horizon 

for British and European citizens and 

businesses when the new PM invokes 

Article 50 of the Lisbon Treaty – the 

formal procedure for leaving the EU. 

Will we have access to the single 

market? Will we be able to live abroad? 

Will we be able to recruit the top 

talent? Will immigrants still be allowed 

to cross our borders? 

There are so many political, economic 

and social questions to which no 

one really knows the answers. One 

question we can answer, however, is: 

will UK businesses be expected to 

comply with the EU General Data 

Protection Regulation (GDPR)? 

The answer is categorically yes, and 

businesses that do not adhere to GDPR 

standards will be fine-riddled to the 

point of collapse. 

All change 

GDPR is a shake-up of current data 

protection laws. It is designed to 

protect personal information in an 

‘If the EU GDPR was in 

force when this breach 

occurred, TalkTalk 

could have been hit by a 

potential fine of up to 

£70 million on top of 

other breach costs’ 

>> Stephen Love, security practice lead 

for EMEA, Insight 

increasingly digital world. Under GDPR, 

the definition of personal data will be 

expanded to include online identifiers, 

as well as biometric and genetic 

information. The proposed regulation 

was finally agreed by the European 

Parliament earlier this year and will 

come into effect on 25 May 2018. 

Effectively, the EU GDPR will 

harmonise those businesses that trade 

in and out of Europe, by requiring 

those organisations to ensure an 

adequate level of protection for the 

rights and freedoms of individuals in 

relation to the processing of their 

personal data, as specified by the 

regulation itself. 

Post-Brexit situation 

Regardless of whether the UK is in or 

out of the EU, UK companies are still 

likely to be subject to the GDPR. 

GDPR will apply, as Kirsten Whitfield, 

director of Gowling WLG’s tech team, 

says, ‘if personal data from the EU is 

transferred to a non-European 

Economic Area country’. 

Any organisation holding EU citizen 

data is bound by the regulation. 

Indeed, even those companies that 

are not receiving personal data from 

an EU country but ‘targeting goods 

and services at an EU market 

through personal profile data of 

EU citizens will still fall under the 

GDPR’, remarks Whitfield. 

There are so many scenarios – 

even where a business’s IT provider 

is based – irrespective of future 

UK legislation, that will dictate 

whether a company is in breach 

of the impending GDPR. It is 

imperative, therefore, to get GDPRready, 

or face the consequences. 

September 16 information-age.com 

27

Previous page

Next page

1

2

3

4

5

6

7

8

10

11

12

13

14

15

16

17

18

19

20

21

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

45

46

47

48

49

50

51

52

Rolling on the river

Create successful ePaper yourself

Delete template?

Save as template?