KPMG cautions CEOs against ignoring GDPR requirements because of Brexit

Professional services giant KPMG says UK businesses cannot afford to ignore incoming European data protection requirements if they want to continue to trade successfully with the continent in future

KPMG is warning CEOs not to stall on preparing their businesses for the arrival of the European General Data Protection Regulation (GDPR), despite the ongoing uncertainty around how its contents will apply to them in the wake of the June 2016 Brexit vote.

Mark Thompson, global privacy advisory lead at the professional services firm, said organisations can ill afford to wait and see how the government’s post-Brexit data protection plans square with the contents of the GDPR.

“The requirements being introduced by the GDPR are going to require most organisations to make significant enhancements to their privacy control environment and rethink the way they collect, store, use and disclose personal information,” he said.

“These changes are going to be complex and take time. As such, most organisations cannot afford to wait and see what form Brexit takes. Doing so would leave them with insufficient time to prepare.”

How the UK’s vote to leave the European Union (EU) will affect the compliance of UK businesses with the continent’s data protection laws in future has emerged as a recurring topic of conversation among industry watchers in recent months.

As outlined in a recent Computer Weekly article, it remains unclear at this point if UK businesses will be exempted or expected to comply with the GDPR legislation, which will come into force in 2018.

Its introduction is expected to unify the patchwork of national data protection rules that European countries currently follow individually, by introducing a single, identical set of regulations for all 28 EU member states.

Businesses that fail to comply with the terms of the GDPR will face fines of up to €20m or 4% of their global annual turnover, whichever is higher.

However, with current estimates suggesting the UK could be on course to leave the EU by 2019, business leaders are seeking clarification about what the government’s data protection legislation plans are beyond this date.

According to a poll of 100 CEOs by KPMG, 60% of respondents fear their ability to do post-Brexit business will suffer unless steps are taken in advance to ensure the UK’s data protection laws align with Europe’s in the future.

“While the UK is likely to implement the GDPR, Brexit poses some uncertainty on what the GDPR will mean to the UK post-Brexit. It is critical to understand that, if the UK is going to continue to trade with the EU, this free flow of personal information must be maintained,” said Thompson.

“Statements issued by the UK government suggest that the UK will adopt the GDPR while it negotiates its exit from the EU. What remains to be seen is whether the GDPR is subsequently repealed and replaced with something else.

“The UK privacy regulator, the Information Commissioner’s Office, remains adamant regarding the need for strong, equivalent privacy law in the UK regardless of the outcome of Brexit. It therefore seems likely that a GDPR equivalent privacy framework will be here to stay and organisations should prepare accordingly,” he added.

3 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

If your company trades across the EU and you hold personal data of those customers you will need to comply with GDPR regardless of Brexit. GDPR presents a marketing opportunity for organisations.
There is one major piece of the data protection puzzle that is being overlooked, and that is the risk of a data breach due to retiring legacy and end-of-life IT equipment. With GDPR coming into play, businesses that suffer a breach are not only risking the consequences of damage to their brand reputation but are now also financially responsible, facing fines of up to 4% of global turnover. For smaller organisations this could have devastating effects on their business. It is vital that redundant hardware containing data is either erased or, better, destroyed. Putting in place a secure chain of custody throughout the disposal process is paramount, and essentially the only way to achieve this is to ensure all data-bearing assets are sanitised or destroyed “on-site” prior to removal from company premises. This is one sure way to reduce the risk of breaching the new GDPR legislation.
UK organisations will need to comply with GDPR. The UK BS10012 is currently being updated to reflect the requirements of GDPR.