Brexit - What it Will Mean for Your Data
Brexit. I think we can all agree that we've heard quite enough about it, wishing that Theresa May and her party would just get on with the proceedings once and for all. Barely does a news broadcast go by where we don't have the latest Brexit conundrum furrowing our already anxious brows. If anything, a resolution seems extremely far off in the distant future, especially now that MPs have voted to delay Brexit.
Despite all of the uncertainty surrounding our departure from the EU, we would advise that you don't take the government's stance by faffing around when it comes to sorting out your company data. Believe it or not, Brexit will have an impact on your data, therefore, it's important that your business is as best prepared as it can be before D Day...or "B Day" is more fitting in this instance.
In order to fully prepare for Brexit you must be aware of how it will affect your data.
1. The GDPR will still apply to your business
As you will already know, rules surrounding the collection and use of personal data is set at an EU-level by the GDPR. The UK is required to adhere to these regulations as it's still technically a member of the union, and regardless of whether we leave without an agreement in place regarding data protection, there will be no immediate change to the UK's data protection standards. Therefore, the GDPR will still apply.
It is already a legal requirement that countries outside of the EU adhere to the rules if they are dealing with data that belongs to businesses and consumers within the union. Therefore, once the UK leaves they must still comply with the GDPR if they have any dealings with EU organisations or citizens. A Canadian firm found this to their detriment when UK data protection enforcement body, the ICO, served an Enforcement Notice against Aggregatel Q (AIQ) specifying several breaches of the GDPR, and gave them 30 days to become compliant.
Last summer, the government laid out a series of technical notices advising businesses and individuals on how to prepare for the event of a no deal Brexit. In the event of a no agreement, the Data Protection Act 2018 would remain in place and the EU Withdrawal Act will incorporate the GDPR into UK law. All in all, whatever happens you must remain compliant.
2. Access to EU data centres will be restricted
It's not only the rules around data that you will have to be aware of post-Brexit, as you must also be prepared to face restrictions around accessing your data. As it stands, organisations are only permitted to transfer personal data outside of the EU providing there are legal grounds for doing so. Whilst the UK can currently transfer data within the EU without restrictions, once we leave there will be constraints that will prevent this from happening, as the legal framework governing personal data transfers will change on exit. The UK will be disconnected from EU databases after the transition period ends if no agreement is reached.
Securing an adequacy decision is possible, whereby the European Commission will assess the UK's data protection measures and either deem or reject it as meeting their own standards, thus determining the free-flowing of data. That said, as we know all too well, nothing is certain. In the event that an adequacy decision is declined then the government advises that businesses should consider assisting their EU partners with identifying a legal basis for the transfer of personal data.
How to Prepare Your Data
According to the latest Royal Mail Data Services Insight Report, 9,590 households move and 1,500 people die on a daily basis. Additionally, the UK is home to around 3.7 million people who are citizens of another EU country. Can you truly guarantee that none of these people are in your database? Do you know for a fact that none of your customers have moved house or have passed away? If in doubt it's best to clean your company data before Brexit takes place so that you don't run the risk of having non-compliant data, and then losing access to any EU data that your business may have.
Data cleansing will help your business become compliant as well as more efficient by consolidating your database to achieve a single customer view. Data becomes duplicated over time due to natural decay, not to mention the various touchpoints that your customers have with your business can also contribute to this. A data cleansing solution will merge all of your disparate data into one standard format before deduping to eradicate any duplicate records. It will also match the remaining data against a series of suppression files to verify and remove any deceased persons and movers.
Whilst no one knows exactly what Brexit will mean for our businesses, one thing we know for certain is that your data needs will remain as crucial as ever. Make sure your data is prepared and compliant with current legislation before it's too late.