Time To Revisit Your GDPR Provisions
Posted on Thursday, November 29, 2018
When the General Data Protection Regulation (GDPR) came into force in May 2018, you probably thought that you had finished planning and implementing compliant processes and safeguards. Unfortunately, Brexit may have just brought the issue back to the boardroom.
Britain and ‘third country’ status
At the time of implementation, Britain was fully onboard with GDPR– indeed the regulation was enacted as the Data Protection Act 2018 in the UK. This means the same security and privacy obligations will remain in place after Britain leaves the European Union in 2019.
There is a problem, however: under GDPR it is illegal to transfer personal data belonging to EU citizens outside member states. Known as “third countries,” these include any national territories that have not proven they have adequate data protection laws in place.
Under the Privacy Shield Agreement, it is perfectly legal to move data between the EU and US. But the UK has no such agreement in place– and is unlikely to do so before Brexit completes next year. Legally, it will (probably) become a “third country.”
Planning for third country status
Because the UK uses the same data protection regulatory framework as the rest of the EU, negotiating a Privacy Shield-type agreement shouldn’t be too difficult– assuming there is sufficient political will to drive one through. But like so much of the Brexit transition, much remains to be resolved.
For any organization transferring data between the UK and EU, a backup plan will be required. In the longer term, this may mean migrating to a cloud platform, or carrying out a significant data center upgrade to ensure personal data is properly segregated between EU/non-EU territories.
In the immediate future however, your best plan is to do nothing– even if your current data storage assets are approaching end-of-life. By delaying a final decision, you can significantly reduce the risk of making a faulty strategic decision. Instead, you should partner with a multi-national maintenance provider like CDS who can support your systems, ensuring they remain in full working order until the GDPR third country stalemate is resolved.
Once the UK’s third country status is decided, you can then begin planning the relevant purchases or migrations. And CDS will cover support, maintenance and spares up to that point– and beyond if required.
Will This New Service Help You Build an Income From Redundant Hardware?
A new start-up aims to let businesses and consumers rent out unused data storage like Airbnb.
Post-Brexit Spare Parts Supplies
How to guarantee spare parts supplies no matter how the Brexit negotiations end up.