TECH TALK: Amending EU privacy rules could pose big problems for UK businesses, says BILL MAGEE
It’s two months short of two years since I penned my first “Tech Talk” for Daily Business. All about a Brexit-Britain and Europe wrangling over what amounts to the safe handling of often private and highly-sensitive personal and commercial information. I recall, very much tongue in cheek, predicting those pesky Europeans would continue to call the GDPR tune and at the time I could hear you holler: “No way.”
It’s taken all this time for the data regulatory forces on both sides of the divide that is the Channel to get their respective acts together, in a fashion, as regards the General Data Protection Regulation (the GDPR acronym will forever, for me, strongly resemble a former eastern bloc country)
The EU hasn’t really changed its position and the UK, post-Brexit, has announced it an overhaul, although data protection rules introduced by the EU in May 2018 became enshrined as part of UK law and remain so under the 2018 Data Protection Act.
Also, despite Britain’s rather cavalier post-Brexit approach, it really is best to keep on the right side of the EU. Taken as a bloc it remains the UK’s largest trading partner. In 2019 the EU accounted for 47% of UK total trade and it remains the case that a fallout could lead to data transfers between the UK and EU being frozen. No British business wants that.
UK Culture Secretary Oliver Dowden has announced intentions to strike numerous deals with non-EU countries developing a world-leading and creative data policy and delivering a Brexit dividend for businesses and individuals. Sounds fair enough. But then, unfortunately, things get a bit flaky.
Dowden has been quoted as saying “box ticking” and “irritating” cookie popups and online consent requests will be avoided. Yet, these are the simple everyday online safeguards so many organisations expect their staff to adhere to in order to avoid a data breach.
Can such an approach square with the UK’s recently-enshrined information protection act? Your organisation may not realise it, but it is operating in a data-centric world in which innumerable sources represent the cyberhacker’s most valuable currency when planning a data grab.
McKinsey Global Institute pinpoints potential targets including business intelligence, cloud computing, machine learning and processing as well as visualisation taking in charts, graphs and other displays. Given the sheer pace and volume of data sources like the Internet of Things/smartphones, cameras, microphones, smart TVs, digital PAs – that’s a lot to handle.
We’re talking about thousands-upon-thousands of gigabytes of data. The trouble is, existing software tools are too often inadequate to capture, curate, manage and process information in a safe and secure manner. Get things wrong and it can all but bring a business down.
Of the UK Government’s stance, JMW Solicitors partner David Smith says the suggestion GDPR relies on box-ticking is not entirely accurate, as it expects organisations to have appropriate policies in place to manage data.
Any movement away from GDPR is likely to have a negative impact on a business seeking to trade with consumers generally outside the UK.
This is because an ever-increasing number of countries have implemented data protection regimes very much in line with GDPR. It means businesses are required, by law, to continue to comply with such consistently drawn up and enforced regulations. JMW highlights that this is the case “from California to China.” Even if the UK Government says otherwise.
Let’s hope I won’t be writing, once again, in two years time about the UK and EU at loggerheads with our vulnerable data caught slap bang in the middle. Who’s laying the cyberbets on this one..