A Brexit deal has finally been agreed between the UK and the EU, and a trade deal has been reached. The UK is set to end the transition period and complete leaving the European Union on the 1st of January 2021.
The departure from the European Union calls for changes in laws and regulations across multiple sectors within the UK. One constant will be regulations such as the General Data Protection Regulation (GDPR), which will continue to be used within the UK in order to protect information relating to EU citizens.
But Why is GDPR Important?
The GDPR provides data subjects (individuals) with more control over their personal data such as names, addresses and credit card numbers. GDPR forces companies to disclose information to the data subject about how their data will be processed, creating a sense of trust and honesty between companies and individuals. In order for any organisation to process personally identifiable information on EU and UK citizens, the organisation must be able to demonstrate its compliance with the regulatory requirements. Failure to do so could result in significant fines or infringements.
Currently, the UK has the Data Protection Act 2018, which makes the GDPR valid as legislation within the UK irrespective of EU membership. The EU-UK Trade and Cooperation Agreement is currently being finalised. This document will determine whether the UK is considered an ‘approved’ country for processing or a third country. For the UK to become approved, the agreement may contain specific controls which organisations may have to implement.
How can businesses prepare for any changes?
Many companies within the UK will need to review their data protection controls to ensure that they meet the requirements of the GDPR, the Data Protection Act and any new requirements finalised as a result of the EU-UK Trade and Cooperation Agreement.
Cyber attacks are becoming more frequent with the advancement of technology, and companies must now prepare for anything. A UK threat report found that 88% of UK businesses surveyed had been breached within the last 12 months. Cyber attacks can happen unexpectedly to anyone, and therefore you must be prepared for what to do in the event of a cyber attack and a breach of your customers' data.
In order to be prepared for these forms of attack and ensure your GDPR compliance, Global QA consultants recommend implementing ISO 27001 alongside ISO 27701, to ensure your business follows any changes to data protection legislation and is prepared in the unfortunate event of a cyber attack.