Since it’s cybersecurity month, we thought the second blog in our Brexit Blog Series should take a look at the implications Brexit may have on data protection and cybersecurity.
The UK is scheduled to leave the EU on 29th March 2019, followed by a two-year transition period ending on 31st December 2020.
With just over five months to go until the UK leaves the EU, what implications will Brexit have on data protection and cybersecurity? What do these implications mean to your business? What should you be doing now?
Let’s find out!
The UK passed the Data Protection Act (DPA) in 1998, incorporating the EU’s Data Protection Directive 1995 into UK law. When the DPA 1998 came into force, the internet was still only young. After all, this was the year that Google was founded!
Today we have a myriad of connected devices, the continuous development of AI and sophisticated cloud computing. Computing and the internet are a core part of our everyday lives. As a result of this rapid development and outdated data protection laws, the EU introduced the General Data Protection Regulation (GDPR) in 2016 – a binding piece of legislation – to EU member states. All 28 member states (including the UK) have had two years to implement the legislation and prepare for when it come into force this year on 25th May 2018.
The GDPR is the protection of personal data within the EU and beyond, establishing new responsibilities for both data controllers and data processors. The regulation also introduced strict penalties for failure to comply, whereby businesses risk fines of up to 4% of their global annual turnover, not to mention irreparable damage to their reputation.
The UK doesn’t leave the EU until 29th March 2019 and because the GDPR came into force on 25th May 2018, the UK is bound by the GDPR, which replaced the DPA 1998.
If the UK is to collect, store or use any EU citizen’s data, then the UK must remain in line with the provisions of the GDPR and not fall back on the outdated DPA 1998. The UK passed the Data Protection Act 2018 shortly after the GDPR come into force, which mirrors the GDPR and brings it into UK law.
All businesses must now maintain GDPR and DPA 2018 standards for personal data protection to avoid heavy penalties should a breach occur. Best practice includes ensuring privacy and security by design, collecting data that you need for processing purposes, breach management, ongoing employee training and using tools to continuously monitor and detect any potential breaches.
On 13th September 2018, the UK government published ‘data protection if there’s no Brexit deal’ – guidance in case the UK leaves the EU without any future trading relationship deal in place.
The cybersecurity industry has its concerns in light of Brexit, including the worry of an already widening skills shortage post-Brexit. Most importantly, there are concerns about the effect of Brexit on cybersecurity and the fight against cybercrime, given that the UK will be leaving Europol – the EU’s law enforcement agency which also helps tackle cybercriminals. What relationship the UK will have with Europol after Brexit is uncertain.
However, it’s likely that as both the EU and UK have a strong common interest in tackling cybercrime, they will come to an arrangement given that cybercriminals, Brexit or no Brexit, are going to continue plotting cyber-attacks.
Let’s watch this space!
For the foreseeable future, the UK will most likely follow EU-influenced data protection and cybersecurity laws.
Keep an eye out on the ePrivacy Regulations – when they come into force and the implications they may have – as well as watching out for the EU’s proposed cybersecurity legislation. Yet this is likely to be implemented during or after the transition period, meaning the UK won’t be bound by it.
UK Prime Minister, Theresa May, pushed her Chequers deal at the Conservative Party Conference two weeks ago in Birmingham, but wasn’t received well by some of her own party. May is due to fly to Brussels this week for crunch talks and there is hope of positive outcomes, especially concerning the Irish border.
The European Council President, Donald Tusk, said in advance of the summit that there is ‘no grounds for optimism’ and May must come up with ‘concrete proposals’. Will there be a deal on the horizon? Or will there be no deal?
Download your FREE whitepaper – Brexit: How will Brexit affect your UK business?