Safe Harbour is out, Privacy Shield is in; a potential Brexit is on the cards and tighter EU data protection regulations – along with bigger fines – are looming. It’s a confusing time for data protection, so maybe we should just sack off the EU and avoid the hassle altogether, right? Wrong. In our new whitepaper we look closely at the implications of the new Privacy Shield, highlighting the unanswered questions, including whether leaving the EU would save businesses from potential regulations.
The EU’s General Data Protection Regulation (GDPR) is a new set of EU data laws that are coming into force in 2018, giving businesses less than two years to get compliant. These regulations translate into percentage-of-turnover fines for those that are failing to protect their data properly (through, say, storing it in non-compliant locations outside of the EU) and more power for the national data protection associations.
You might assume that, by leaving the EU, UK businesses would avoid being taken to task by these regulations, but you know what they say about assuming – it’s a really bad idea. The bottom line is that, no matter what, the GDPR will affect your business.
This is because, no matter what happens in the referendum in June, the UK will still be trading with the EU. And the EU isn’t going to deal with us without some data privacy and security standards in place. This’ll leave the UK with the choice of either agreeing to the GDPR or putting in place similar measures ourselves anyway.
Unfortunately, as our whitepaper explains, there are still some big question marks over Privacy Shield. Serious doubts over whether it solves the problems of its predecessor mean that UK businesses can’t be certain that their data is secure when stored outside the EU. With major uncertainty lingering in the wake of Safe Harbour, it’s as important as ever to be 100% sure of where your data is – especially with tightening EU regulations coming in fast.
There are other changes that’ll come in as part of the GDPR, such as a 24-hour window to notify regulators of a data breach, and requiring companies with more than 250 employees to have a data protection officer. Lots of companies will have to overhaul their internal IT security procedures so it’s important businesses are aware of what they need to do.
There are ways to minimise the risk to your, and your clients’, data and thereby also minimise the risk of fines. In our latest whitepaper we go in-depth on the new Privacy Shield agreement, the GDPR and what you can do to guarantee data sovereignty.