European Data Rules will still apply despite Brexit

The countdown to GDPR (European General Data Protection Regulation) continues. Its aim is to strengthen and unify data protection for all individuals within the European Union. It is important that all businesses know what it is in terms of risk management as well as regulation.

Many may think “Why does this matter? With Brexit, surely this isn’t our problem anymore.”  At present this is still set to become part of British law and there is no evidence to say that it is going to be scrapped with Brexit. Even if after Brexit the rules were changed, we are all part of a much bigger picture and legislation in one country has a way of making itself felt in another. If we trade with Europe, we will have to abide by their regulations. If you believe the UK’s departure from the EU will negate the need for change in terms of managing data, you are sadly mistaken.

The theme of access to data came up in the Queen’s Speech. If the proposed bills go through Parliament, the police will be given additional powers of access to our data and young people will have the right to demand social networks delete any personal information they had shared prior to turning 18.

But, GDPR has implications way beyond technology. This is a business problem, not an IT or a HR issue. You may be a small firm without HR and outsource your IT. It is still your problem. You cannot leave it to anyone else, however tempting that may be.

As business owners, we are accountable for the information that we store on clients and our employees. We need to change how data is perceived, and begin to treat it as a company asset and ensure it doesn’t become a liability.

Data comes in many forms. It is not just about paperwork and information on your computer.

Security cameras have photographic data
A customers’ signing in book with name, company details, car registration – that’s all data
Biometric finger recognition on devices
Waste paper bins (with / without confidential information in them)
USB sticks at the back of drawers
Dusty old HR records at the back of a cupboard
Old bank statements at the back of a filing cabinet
An external hard drive for one of your servers
And this is the “stuff” that you can see. What about other records you may not know about?

Employees with old files sitting at home
A laptop that someone accepted from former employee and forgot to return to the office
Data a member of staff emailed to their personal email id to enable them to work at home
Information sent to a third party
Sharing of a whole spreadsheet rather than just the relevant data.

As business leaders, this has to be a project led by top management and senior leadership. The culture of the organization is key and explaining to all staff what the process will be over the coming months is fundamental to the success.

Involve and educate your staff. They probably know more about how data is processed and managed than you. They will become your greatest asset in ensuring compliance to the new legislation.

To quote Benjamin Franklin: “Tell me and I forget, teach me and I may remember, involve me and I learn.”

See our other posts on GDPR

Are You Ready for GDPR?