Business, Brexit and the GDPR
Last year, there were 3.6m cases of computer fraud in the UK alone, representing approximately one case for every 18 residents. A large proportion of such crime targets individual data, utilising personal details to access bank accounts and steal money.
These crimes are not limited to the domestic sector. Following on from the infamous TalkTalk, Yahoo and NHS data breaches, recent events in the US have seen credit checking giant Equifax fail to provide sufficient measures to protect customer data. Conservative estimates speculate that private damage claims issued against Equifax could even cause the company to cease trading.
It is these high-profile cases, together with increasingly rapid changes to the information technology landscape, that have prompted EU regulatory bodies to update existing data protection frameworks with the GDPR.
Increasing protection: enter the GDPR
Following the increasing need for a new approach to data protection on the business stage, the EU is set to introduce the General Data Protection Regulation (GDPR) on 25th May 2018.
This new legislation replaces the Data Protection Directive (DPD) 95/46/EC and is designed to create consistency in corporate data handling across the multiple jurisdictions in the union.
When the DPD was originally approved in 1995, technologies such as third-party cloud storage and social media platforms were non-existent. Only around 1% of EU citizens used the internet and the protocols for accessing information were tediously slow compared to the superfast fiber optic cable that supplies bandwidth to urban centres.
With the proliferation of new data types, data-mining techniques, digital marketing and the rise of smartphone technology, the need for legislation that handles the ubiquity has risen exponentially.
UK Business: ICO and the GDPR
Does your business need to be GDPR compliant? If you are UK-based, the advice offered by the Information Commissioner's Office, the agency currently tasked with the enforcement of the existing Data Protection Act, is that “if you are currently subject to the DPA, it is likely that you will also be the subject of the GDPR”.
The following statement was made by a spokesperson for the ICO, speaking to the BBC on the matter of enforcing the GDPR in the UK: “The new law equals bigger fines for getting it wrong, but it is important to recognise the business benefits of getting data protection right. There is a real opportunity for organisations to present themselves on the basis of how they respect the privacy of individuals – and gain a competitive edge.”
The statement also addressed the implications of failing to comply with the GDPR: “But if your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices when the new law comes in next year, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance.”
Key regulatory changes presented by the GDPR
Some of the most notable changes to current regulation put forward by the GDPR include the following updates and revisions to existing measures:
- Extraterritorial applicability – previously data protection measures were taken “in the context of the establishment”, which meant that if companies processed data overseas then they could not be punished for breaches in legislation. The GDPR is very clear on this matter; if the data belongs to EU citizens, then the new legislation applies regardless of where it is processed.
- Increased fines – the GDPR raises the level of financial penalty for breaches to 4% of the annual global turnover of a company or €20mn (US$23.6mn), whichever represents the larger amount.
- Consent to data use – companies will no longer be able to use long terms and conditions full of complex legal definitions and must now present the purposes of data processing in clear and plain regional language. Equally, facilities for the withdrawal of consent must be easy and simple.
GDPR and Brexit: business hesitation
With Brexit now looming, many UK-based companies have previously been unsure of the extent to which the GDPR is likely to impact their operations.
A survey conducted by Crown Information Management services in March 2017 reported that at the time 24% of businesses had ceased making provisions for implementing the regulations, with tech and data handling companies making up 44% of this group.
Official UK Government statement
On 21 June, the UK Government put an end to the suspense and revealed its intentions to press ahead and bring the GDPR into domestic law. This was confirmed in the Queen’s speech, which looked at the role data plays in commerce, with the following statement noting: “Over 70% of all trade in services is enabled by data flows, meaning that data protection is critical to international trade.”
However, according to research conducted in July 2017, it seems that many UK businesses have failed to be galvanised into action by the Government’s ruling.
The study, conducted by one of the UK’s first fully compliant GDPR job boards, CareersinCyber.com, together with London law firm Hamlins LLP, produced the following statistics on the readiness of UK companies for the impending change.
- 73% have not allocated any budget for compliance
- 53% are yet to appoint a data protection officer
- 15% believe that Brexit means exemption from the GDPR
- 12% claim that they do not have the existing funds for compliance
- 11% do not consider there to be any risk to their business
Matthew Pryke, one of the partners at Hamlins, made the following statement about these findings: “Despite awareness about the GDPR, too many businesses are complacent and think because of their size or nature of business they are somehow exempt from having to comply. Regardless of Brexit, this regulation – even with the words EU fronting the name – will still apply for all businesses operating in the UK. Those who leave it to chance and don’t prepare now, could be left high and dry if the Information Commissioner’s Office find businesses breach regulations.”
Implications to personal data management
Perhaps the greatest challenge to UK-based businesses will be when the UK finally ceases to be an EU member state. In 2015, the EU courts invalidated special location-specific measures that allowed for the freedom of data processing between the US and the EU, ending the so-called safe harbour scheme, in response to the NSA affair revealed by Edward Snowden.
Once the UK leaves the EU, it is therefore expected that there will be no special provisions made for the processing of personal data. This is perhaps one of the key factors that forced the Government’s hand in implementing the June 2017 ruling, as it is hoped that the UK will receive a formal adequacy decision from the European Commission. Failure to receive such a decision could see a significant impact to business between the UK and the EU.
Finally… financial implications
With the UK currently exploring the opportunities represented by global trade, the EU remains a viable and profitable market for all types of UK-based services. No one can predict at this stage what implications there will be for data-based industries currently trading and working with EU member states - save to say that there are likely to be difficulties.
However, as many businesses in the EU equally benefit from access to the lucrative UK market, hopefully it will be in the best interests of both parties to find workable arrangements that avoid any impact on the continuous flow of trade.
KX and Microsoft partner to scale up real-time analytics
KX, a data analysis software developer and vendor, has become a Microsoft Partner. The two companies are working together to build a long-term technical and go-to-market roadmap to enable companies to rapidly scale up their real-time analytics and decision-making capabilities.
This announcement has followed the launch of KX Insights, which is a cloud-first platform for streaming analytics that fully leverages the benefits of cloud architecture natively to deliver fast, scalable real-time data insights via the .
“KX Insights takes full advantage of the Microsoft Azure platform to deliver the optimal performance while maintaining interoperability with existing processes and data,” said Gerry Buggy, Chief Strategy Officer at KX.
“Together with Microsoft, we are offering a streaming analytics solution that is fast, secure, and flexible. It’s a game-changer for firms looking to drive operational and commercial performance through real-time analytics.”
KX Insights has been built to leverage vast amounts of real-time data in a scalable and easy-to-use manner. It has been benchmarked as the fastest in the industry in independent STAC benchmarks. The platform also operates on Amazon AWS and Google Cloud, as well as on all public and private clouds, and on-premises where required.
Moving to the cloud
The recent found that 92% of respondents reported having a multi-cloud strategy. 82% are taking a hybrid approach, combining the use of both public and private clouds. More than half of respondents use the cloud heavily and have reached the advanced cloud maturity level. 21% of organisations are at the intermediate maturity level, and 19% are beginners.
The report showed that many of the advantages delivered by the cloud have proven to be especially valuable as organisations adapted over the past year to meet the rapidly evolving needs of businesses.