Skip to main content

Brexit Part 1 - What about the Data



So it happened, we left, we voted and now we’re out. Some of us were very angry, some very happy and a great many confused.
 
We’ve all heard about the possible impact on immigration, the economy and even the Lloyds Market, however what about the impact on some the other niche and emerging markets? In this series of blogs I will be looking into the impact of Brexit on some of the lesser discussed business sectors, this week Cyber Insurance. Cyber Insurance. When our children look back at 2016, they are unlikely to look back at the year with any fondness. The high profile deaths, political upheaval and worldwide humanitarian catastrophes have left the globe in state of unhealthy imbalance.
 
Brexit has stripped the shroud of democracy back and unveiled the bitter political divide of a developed but stagnant nation to the world. It’s also focussed the microscope on legislations from boiler warranties to European data legislation.
 
Focussing on the latter, the dreaded 2018 Data Protection Directive updates, officially known as Directives 95/46/EC, are due to impact any business which has an internet connection or keeps personal records (client/prospect/any other), aka 99.9% of anyone. With Article 50 apparently soon to be activated, what is ahead for the countries industries?
 
You’d be forgiven to think a reprieve for the poor trodden on masses was ahead, finally the Brexit silver lining was showing its glistening border. You’d be wrong.
 
To give a brief overview of the updates arising for the 2015 DPD:
  • 72 Hour deadline to advise data breaches to the European commission (UK – Information Commissioners Office) and any affected individuals if their fundamental rights are affected.
  • Fines per record kept following breach – 4% of annual turnover (NB turnover, not profit) £17 mill – whichever is greater.
  • Consent required when processing children’s data  
  • The appointment of a DPO will be mandatory for certain companies  
  • Risk reports for any higher-risk data processing activities
  • Data Processor responsibilities
  • Privacy by design

With Article 50 yet to be activated we’re still technically part of the EU, but the laws are being drawn up and handshakes being withdrawn, so it looks like we can smile and wave the data protection laws goodbye. Alas, life and the EU just aren’t that simple.
 
I’ve heard two reasons for companies not preparing for the legislation changes – "We aren’t going to be in the EU, let’s see what changes occur and cross the bridge when we come to it" and " We don’t have operations, subcontractors or subsidiaries in the EU, all our data is kept on UK servers".
 
Unfortunately, the DPD is going to affect any UK businesses offering any type of service to the EU, regardless of whether the business processes or stores data on UK or EU soil.
 
The main principle differentiator is what the Data is not where the Data is i.e. bank details of Juan Rodrigues who resides in Spain and works for an EU based company, but his details are kept on your server due to his Cornish holiday home. This also applies to historic data collected previous to the DPD changes.
 
Thus any trade with EU nationals, companies or countries will become nigh on impossible without the adoption of the DPD 2018 rules.
 
Businesses need to look back at their back office procedures now, as the deadline is 18 months away and this offers a limited window for change. To ensure that your company is in the right place, to anticipate and react to these changes a forward thinking IT director should be in place and a robust Cyber Insurance policy needs to be running concurrently with stringent IT monitoring protocols.

The onus will be on businesses to pull ther heads out of the sand, improve IT infrastructues, internal data handling policies and training of staff while not relying on the governing bodies of the UK and EU to failt to act. These changes will effect the entire UK business community, unfortunately there is no escape from the inevitable and the best protection is thorough planning and insurer backed risk assessments. Luckily there are a number of decent insurance brokers awake to the changes and many are offering fantastic tailored advise on Cyber Liability and Business needs following Brexit and the Insurance Act changes. Worthwhile investigating.

-Tristan

Tristan is the Client Relationship Manager - James Hallam Corporate Risks - Birmingham




Comments

Post a Comment

Popular posts from this blog

UK Tech Clusters - Top 10

Did you know that 58,000 of 320,000 UK businesses are classed as Tech Businesses*? There are more than 1,500,000 "digital tech" jobs in the UK. The sector is said to be growing faster in terms of turnover and productivity than the wider economy. It's fascinating to see Birmingham sitting in 5th place behind the likes of Reading, Bristol and Bath, however I believe this is a bit of a misnomer as the scoring doesnt take into account Malven, Worcester and Leicester being satelites of Birmingham itself. If we include them in Birmingham's statistics it brings the number of tech jobs up to 43,000 just behind Manchester in 3rd. It's also interesting to see how Birmingham has achieved its position without the help of a large multinational in its midst, unlike Bristol, Bath, Reading etc who feature the likes of Amazon, Google and HP. Anyway, the full list, provided by the BBC is listed below: London Digital tech jobs: 328,000 Tech jobs per 10...
Post a Comment
Read more

TESCO BANK ATTACK: THE FIRST PUBLIC BANK HACK?

High profile hacks have happened before, we've all read about Talk Talk, Ashley Madison and Sony. We all know the words on every business leaders lips are currently Cyber, Data protection and Ranson-ware. So why is the Tesco hack any different? Why should we take notice of this attack more than any of the above incidents? Quite simply becuase this is the  first time that a UK bank has reacted so publicly by stopping some types of transactions on a web banking system because of "online criminal activity". Banks are targeted all the time but typically those attacks just hit a few individuals, so do not bring about a site closure. In this case, as far as we can tell, a lot of people lost cash very quickly. You've probably read about the Natwest bank errors that lead to the public being unable to withdraw cash or pay direct debits, this is well known to insiders as an organised international hack attempt on the Natwest servers, easier to simply turn off the ...
Post a Comment
Read more
Introductions Hello everyone,  Welcome to Tristan Insures, hopefully you're here because you were directed from Linkedin or Twitter, if however you were looking for something or someone else, please stay, we have a fountain of " insider " Insurance information to discuss! My name is Tristan, I work for an Independent Insurance Broker in central Birmingham. This blog is an opportunity for me to discuss all things Business and Birmingham. I'll be bringing breaking insurance news, insider information on the best and worst of the market, sprinkled with some useless Birmingham gossip. So keep your eyes peeled and ears open, if you get any scoops, send them my way and hopefully enjoy the read! - Tristan  Tristan is the Client Relationship Manager for James Hallam Brokers ltd Birmingham
Post a Comment
Read more