
Brexit Part 1 - What about the Data



So it happened, we left, we voted and now we’re out. Some of us were very angry, some very happy and a great many confused.
 
We’ve all heard about the possible impact on immigration, the economy and even the Lloyds Market, but what about the impact on some of the other niche and emerging markets? In this series of blogs I will be looking into the impact of Brexit on some of the lesser discussed business sectors; this week, Cyber Insurance. When our children look back at 2016, they are unlikely to look back at the year with any fondness. The high profile deaths, political upheaval and worldwide humanitarian catastrophes have left the globe in a state of unhealthy imbalance.
 
Brexit has stripped the shroud of democracy back and unveiled the bitter political divide of a developed but stagnant nation to the world. It’s also focussed the microscope on legislations from boiler warranties to European data legislation.
 
Focussing on the latter, the dreaded 2018 Data Protection Directive updates, officially known as Directives 95/46/EC, are due to impact any business which has an internet connection or keeps personal records (client/prospect/any other), aka 99.9% of anyone. With Article 50 apparently soon to be activated, what is ahead for the country’s industries?
 
You’d be forgiven for thinking a reprieve for the poor trodden-on masses was ahead, that finally the Brexit silver lining was showing its glistening border. You’d be wrong.
 
To give a brief overview of the updates arising for the 2015 DPD:
  • 72-hour deadline to report data breaches to the European Commission (UK – Information Commissioner’s Office) and to any affected individuals if their fundamental rights are affected.
  • Fines per record kept following breach – 4% of annual turnover (NB turnover, not profit) or £17 mill, whichever is greater.
  • Consent required when processing children’s data  
  • The appointment of a DPO will be mandatory for certain companies  
  • Risk reports for any higher-risk data processing activities
  • Data Processor responsibilities
  • Privacy by design

With Article 50 yet to be activated we’re still technically part of the EU, but the laws are being drawn up and handshakes being withdrawn, so it looks like we can smile and wave the data protection laws goodbye. Alas, life and the EU just aren’t that simple.
 
I’ve heard two reasons for companies not preparing for the legislation changes – "We aren’t going to be in the EU, let’s see what changes occur and cross the bridge when we come to it" and "We don’t have operations, subcontractors or subsidiaries in the EU, all our data is kept on UK servers".
 
Unfortunately, the DPD is going to affect any UK businesses offering any type of service to the EU, regardless of whether the business processes or stores data on UK or EU soil.
 
The main differentiator is what the data is, not where the data is, e.g. the bank details of Juan Rodrigues, who resides in Spain and works for an EU based company, but whose details are kept on your server due to his Cornish holiday home. This also applies to historic data collected prior to the DPD changes.
 
Thus any trade with EU nationals, companies or countries will become nigh on impossible without the adoption of the DPD 2018 rules.
 
Businesses need to look at their back office procedures now, as the deadline is 18 months away and this offers a limited window for change. To ensure that your company is in the right place to anticipate and react to these changes, a forward thinking IT director should be in place and a robust Cyber Insurance policy needs to be running concurrently with stringent IT monitoring protocols.

The onus will be on businesses to pull their heads out of the sand and improve IT infrastructures, internal data handling policies and training of staff, while not relying on the governing bodies of the UK and EU to fail to act. These changes will affect the entire UK business community. Unfortunately there is no escape from the inevitable, and the best protection is thorough planning and insurer backed risk assessments. Luckily there are a number of decent insurance brokers awake to the changes, and many are offering fantastic tailored advice on Cyber Liability and Business needs following Brexit and the Insurance Act changes. Worthwhile investigating.

-Tristan

Tristan is the Client Relationship Manager - James Hallam Corporate Risks - Birmingham



