While we await the invocation of Article 50 of the Lisbon Treaty to trigger the UK’s departure from the European Union (EU) and the start of negotiations, information security professionals should bear in mind a couple of key points.
The UK is still a member of the European Union and will remain so until the process of exiting is complete, which will be in the second half of 2018 at the earliest.
Until this time, at least, UK organisations must continue to prepare for and comply with EU legislation.
This includes the EU General Data Protection Regulation (GDPR), coming into force in May 2018, before Brexit is complete.
UK-based organisations should continue to prepare for compliance with this regulation; following Brexit, many UK organisations will still hold personal data on EU citizens and, as such, compliance with GDPR will still be required.
Another relevant piece of legislation is the EU Network and Information Security (NIS) directive, coming into force in August 2016.
This directive aims to protect critical infrastructure and sets common cyber security standards and reporting requirements for applicable organisations, including those in industries such as energy, transport and health. The UK government has just over two years to implement the directive and identify relevant organisations for compliance.
Many leaders are nervous about the as yet unseen effects of Brexit on their business. Those areas of organisations that struggle to demonstrate return on investment (ROI) – such as cyber security – could well have their budgets hit by this nervousness.
Preparing for and opening budget negotiations early can help reinforce the business case for continued investment.
However, currently, nothing has changed – we must focus on “business as usual”. As information security professionals we must not prioritise the potential implications of Brexit over the day-to-day demands of maintaining vigilance and keeping our organisations safe from attack.
Maxine Holt is principal analyst at the Information Security Forum (ISF).