Time To Revisit Your GDPR Provisions

Posted on Thursday, November 29, 2018

When the General Data Protection Regulation (GDPR) came into force in May 2018, you probably thought that you had finished planning and implementing compliant processes and safeguards. Unfortunately, Brexit may have just brought the issue back to the boardroom.

Britain and ‘third country’ status

At the time of implementation, Britain was fully on board with GDPR; indeed, the regulation was enacted as the Data Protection Act 2018 in the UK. This means the same security and privacy obligations will remain in place after Britain leaves the European Union in 2019.

There is a problem, however: under GDPR it is illegal to transfer personal data belonging to EU citizens outside member states. Territories outside the member states are known as “third countries,” and these include any national territories that have not proven they have adequate data protection laws in place.

Under the Privacy Shield Agreement, it is perfectly legal to move data between the EU and US. But the UK has no such agreement in place, and is unlikely to have one before Brexit completes next year. Legally, it will (probably) become a “third country.”

Planning for third country status

Because the UK uses the same data protection regulatory framework as the rest of the EU, negotiating a Privacy Shield-type agreement shouldn’t be too difficult, assuming there is sufficient political will to drive one through. But like so much of the Brexit transition, much remains to be resolved.

For any organization transferring data between the UK and EU, a backup plan will be required. In the longer term, this may mean migrating to a cloud platform, or carrying out a significant data center upgrade to ensure personal data is properly segregated between EU/non-EU territories.

In the immediate future, however, your best plan is to do nothing, even if your current data storage assets are approaching end-of-life. By delaying a final decision, you can significantly reduce the risk of making a faulty strategic decision. Instead, you should partner with a multi-national maintenance provider like CDS who can support your systems, ensuring they remain in full working order until the GDPR third country stalemate is resolved.

Once the UK’s third country status is decided, you can then begin planning the relevant purchases or migrations. And CDS will cover support, maintenance and spares up to that point, and beyond if required.

To learn more about how our post-warranty storage hardware maintenance services provide peace of mind in the middle of geo-political uncertainty, please get in touch.
