GDPR & Brexit: How Will One Affect the Other?
With Brexit looming, you may be wondering what impact a deal or no deal scenario will have on the UK’s current data protection laws, such as GDPR.
The UK government have issued a paper
to answer some of the essential questions businesses have on how to remain compliant[i]
. The advice applies to UK organisations that receive personal data or operate from abroad, including the EU.
The Information Commissioner’s Office (ICO) has confirmed that whether we leave the EU with or without a deal, most of the data protection rules affecting SMEs will remain the same after Brexit.
This means UK businesses that comply with GDPR and have no contacts or customers in the EEA don’t need to do much to prepare for data protection post-Brexit. So, in short, if the UK leaves the EU – deal or no deal – all UK businesses and organisations will need to continue to observe and comply to The General Data Protection Regulation (GDPR).
However, UK businesses that do receive personal data from contacts and customers within the EEA must take additional steps to ensure they’re fully compliant after Brexit, which will likely involve designating a representative in the EEA.
For any more guidance, ICO have compiled this useful interactive tool[ii]
and the following documents to help small to medium-sized businesses[iii]
and large organisations[iv]
keep personal data flowing from the EEA to the UK.
But whatever the outcome, there are still question marks as to how compliant businesses are dealing with GDPR. To answer some of these questions, Shred-it commissioned a survey of 1,439 UK-based SMEs to help understand attitudes towards compliance, GDPR and secure data destruction.
Less than half (45%) of the firms who said they were ready to deal with data protection requirements also said they had recently reviewed their data protection policies. Just over a third had emailed their customers to confirm consent to data use, less than a quarter had published a privacy notice and just over one in five had reviewed, deleted or destroyed personal data.
Businesses will need to make sure the correct measures are in place to ensure confidential data remains confidential, from the lawful obtaining of information, right through to the secure destruction of data. We’ve outlined a few simple steps for you to follow to ensure your business is protected against a data breach.
1) Remind your employees about the importance of staying GDPR compliant.
What better time to refresh the office on some of the key GDPR policies they should be adhering to? Why not run a short workshop on the Shred-it Small Actions for Big Wins Checklist[i]
? Educating employees about the most commonly overlooked information security practices that can help small businesses avoid many of the risks their operations face.
2) The ‘right to be forgotten’ clause
Data protection laws are set to become even tighter, particularly around how personal data is used and stored. Your employees – past and current – and customers have the right to request that their personal information is disposed of once it has served its intended purpose. It’s essential that personal data is securely destroyed in order to remain compliant.
3) Avoid in-house shredding
Aside from the fact that it’s time consuming and takes you away from your day to day duties, in-house shredding doesn’t always guarantee your document is destroyed completely or correctly. Our secure destruction services provide your office with tamper-proof consoles, where documents are stored before being destroyed and recycled, safely and securely. So, with a regularly scheduled service, you’re not just protected on shredding day but every day.
We protect what matters – and what matters to us is the security of your business. To learn more about how we can protect the sensitive information of your employees and partners, get in touch to receive a no obligation Data Security Survey[i].