With the General Data Protection Regulation (GDPR) and Brexit coming up soon, many people are asking if the GDPR will apply in the UK once the UK leaves the European Union (EU). Many also wonder whether the GDPR and Brexit are even all that relevant for organisations in the Americas, Africa, Asia, Australasia or the Middle East.
Actually, the answer is a complex one that needs to take account of many factors which may impact businesses around the world if they wish to continue trading with the EU and UK...
Let’s deal with the UK issue first. We know the UK is still in the EU and will be until 29th March 2019. Until then, the UK remains a full member of the EU with all that entails, including reaping the benefits of membership while complying with all its rules and regulations, as with most other memberships or contracts you can think of. The UK government has already started attempts to replicate the GDPR into UK law with the development of the Data Protection Bill. As the UK is leaving the EU, the UK government is not only trying to implement the GDPR into UK law until that happens but is also using the bill as an opportunity to implement the GDPR into UK law beyond 2019.
At present, it’s not possible to judge what the UK’s relationship with the EU will be beyond 2019. Irrespective of any deal made by the UK government and the EU on their future relationship, the GDPR will still be applicable to businesses that process the data of EU subjects. In today’s interconnected and globalised world, it would be difficult to find an organisation in the UK or further afield outside the European continent that does not fall into this category.
Organisations outside the EU and UK should take note that the GDPR goes beyond these territories. Falling foul of the regulations can result in substantial fines being levied against non-EU/UK organisations by the EU. Many businesses in the Americas, Africa, Asia, Australasia and the Middle East regularly trade with the EU and UK and in doing so usually process personal information of EU subjects.
Right now, it certainly looks like Brexit will not be a bypass for GDPR. It’s also fair to say that being located outside of the EU/UK or being a non-EU/UK company will also not allow you to bypass the GDPR.
The best way to deal with such a complex issue for most businesses inside and outside the EU/UK is to seek guidance from experts in compliance and cybersecurity services. They can assess your GDPR risk exposure and provide appropriate strategic and technical advice, as well as fulfil the recommendations they provide with fully managed cybersecurity services, to ensure you remain secure and compliant with evolving international regulations.
NTT Security delivers a range of end-to-end cybersecurity services including GDPR consulting services both inside the EU/UK and outside the EU/UK as well as managed security services using our security experts, advanced analytics and threat intelligence, all delivered under one roof by one global cybersecurity company working hard to secure the foundation of a connected society.