What is GDPR compliance and how will Brexit impact its enforcement?
The EU is taking personal data security to new levels with the new General Data Protection Regulation (GDPR), set to go into effect on May 25th, 2018. This leaves global businesses approximately ten months to bring their data privacy and security policies in line with the strict GDPR compliance requirements, or face crippling fines of up to 4% of annual global revenue or €20 million (17,882,635.20 British Pounds), whichever figure is greater.
Despite Brexit, UK companies are still ramping up to meet GDPR compliance, because the UK will remain a member of the EU until at least the end of March 2019 and GDPR commences in May 2018. This means the UK is committed to an absolute minimum of 10 months of compliance with GDPR requirements. Taking steps such as assessing your company’s internal team communication tools and data processing against a GDPR compliance checklist will help ensure you meet GDPR requirements.
What does this mean for the UK post-Brexit?
Do GDPR requirements apply to the UK in a post-Brexit landscape? The answer is yes if you do business with, or hold any data about, EU citizens: this puts you under the umbrella of GDPR compliance. Post-Brexit, Parliament will likely construct a similar personal data security regulation that aligns with the EU’s data protection efforts. Members of Parliament see immense value in the regulation, especially since cybersecurity is now top of mind for every company. GDPR compliance is simply an extra safeguard that protects company and customer data.
The bulk of the work currently being done to attain GDPR compliance is simply good business, and, as it happens, UK companies are embracing the challenge. For instance, GDPR requirements mean that every organisation needs to appoint a DPO (data protection officer) to make sure personal data is protected and meets GDPR compliance standards. UK companies have more DPOs than any other country in the EU and continue to hire them, showing a commitment to the GDPR regulation.
What Is GDPR Compliance and How Can Your Company Meet GDPR Requirements?
Amir Ameri, Beekeeper’s VP of Global Risk & Compliance and DPO, notes, “Executives now face a sprint of thorough internal evaluations to revamp policies around collection, storage, or usage of EU resident personal data. The financial implications of breaching GDPR requirements are astronomical. We recommend mapping all data assets and appointing dedicated Data Protection personnel on a full-time or contract basis to properly oversee the adoption of high-caliber data protection processes and technologies. One key way to assist this process is to create a GDPR compliance checklist.”
GDPR compliance is still necessary regardless of Brexit, for several reasons. The major impacts of non-compliance will be heavy fines and the inevitable loss of customers. The reality is that the effects of GDPR requirements stretch far beyond the confines of the EU: if your global business touches the personal data of European citizens in any way whatsoever, such as via a team communication tool, you are subject to all requirements set forth by the new GDPR regulation. So, if UK companies don’t adhere to these regulations, they risk losing EU clients.
Gabrielle Griffith, Director at compliance consultancy BPE Global, stresses the importance of due diligence with team communication tools across your organisation ahead of GDPR’s enactment. “Any company doing business with EU entities is affected,” Griffith states. “For example, global companies that maintain a website to solicit sales from–or that use a team communication tool to communicate with–potential EU customers will be subject to GDPR requirements.”
With GDPR’s compliance deadline just around the corner, it is crucial that all UK companies demonstrate rigorous investment in the personnel and policy changes required to securely store and manage personal data. Starting a cross-organisational security and internal assessment against a GDPR compliance checklist now will not only keep your business GDPR compliant, but also reduce the risk of a future breach.