Enterprise Data Protection

UK needs to align with GDPR, even post-Brexit

CEOs in the UK are worried that poorly-implemented data privacy rules will cost them after the UK leaves the European Union.

According to a new KPMG survey of 100 UK CEOs, almost 60% feel their business will suffer if UK privacy rules are not aligned to the General Data Protection Regulation (GDPR) post-Brexit.

“The worry amongst this cohort of CEOs is understandable,” said Mark Thompson, Global Privacy Advisory lead at KPMG. “Once GDPR is enforced in May 2018, it will fundamentally alter the way we live, work and interact with technology, organisations and each other.”

While being GDPR compliant will almost certainly be a requirement for any company wishing to do business with Europe from 25th May 2018, the prospect of the UK leaving the European Union has become a complicating factor.

Speaking at InfoSec 2016, Iain Bourne of the UK Information Commissioner's Office said the UK will develop its own data privacy laws that offer similar levels of protections and requirements. So far, however, the only bill relating to data privacy the UK government has passed since Theresa May became Prime Minister is the IP Bill – aka the “Snooper’s Charter” – which focuses on government surveillance powers rather than data protection requirements.

“It's not just European firms [that are affected by GDPR],” Duncan Bradford, CA’s EMEA CTO, told IDG Connect recently. “If you trade or have data about EU citizens, then you're under the umbrella of GDPR.”

A recent study by CA found that nearly only around a third of organizations were currently confident about their current ability to locate and, if necessary, delete customer data promptly across all systems and applications; something which is a key part of the GPR requirements.

Failure to comply can result in fines of up to €20 million or 4% of global annual turnover – whichever is higher.


Also read:
GDPR: The World needs “at least” 75,000 DPOs
Is the EU-decreed DPO the next big IT role?
GDPR hangs heavy over Europe
EU finally approves GDPR
EU GDPR: Why are firms lagging on preparation?
EU privacy law to require opt-in and make data processors share in responsibility
It’s UK versus Europe in the battle over data protection


« Middle East 2017: Some improvements but work is still needed


Technology trends in 2017: A bluffer's guide »
Dan Swinhoe

Dan is a journalist at CSO Online. Previously he was Senior Staff Writer at IDG Connect.

  • twt
  • twt
  • twt
  • Mail


Do you think your smartphone is making you a workaholic?