How Will Brexit Affect Security in the UK?

Use Privacy By Design for Products and Services

Brexit, a word that is the combination of “British” or “Britain” and “Exit,” is, in essence, a referendum focused on Britain leaving the European Union (EU). The vote that was held on June 23 resulted in 51.9% in favor of Britain leaving the EU. The referendum vote, at the time of this writing, still has to be ratified by the British Parliament and some details still have to be negotiated.

What does this mean to the international landscape? That is a large question that can only be speculated on at this time. The only country to leave the EU before now is Greenland, but history shows that divorces can be messy if not approached and conducted with care and diligence. The Warsaw Pact came apart in the years leading up to the dissolution of the USSR in 1991. The main impact will be to the common set of regulations that govern the behavior of people and organizations conducting business, travel, etc. to and from Britain and the EU countries.

Privacy is an area of regulatory compliance that has been a hot topic in the EU for the last few years. One speculation is that Britain's departure from the EU will most likely add complexity to dealing with Britain and the EU with regard to privacy regulations.

As privacy influences how many organizations deal with customers internationally, there will be a need to monitor any changes in the privacy landscape.  Simple concepts of where client data is stored and processed can become complex due to regulations restricting data transfers and the roles and responsibilities of the data owners, employers and service providers, and subprocessors (service providers to employers/service providers).  Since privacy compliance is a major driver in information systems security, there may be impacts to information security operations as well.

Questions About New Regulations
In the EU, the Global Data Protection Regulation goes into effect in 2018.

The GDPR brings new focus to communication issues regarding data, including matters of consent, storage, and children.

It applies to all data processing by any establishment in Europe, no matter where the processing actually happens. So a surprisingly high number of websites will have to comply, including any organization established outside of Europe if it is:

  • Offering goods or services in Europe (including free services)
  • Monitoring behavior in Europe (including ordinary web analytics on any website)

Member states can act individually if they keep and introduce more stringent legislation for special types of data, including medical data. If it is no longer a member state, whether the UK will still have to comply remains to be seen.

A lot remains to be seen as the situation is developing and evolving. In the final analysis it will be important to observe the situation closely and to understand the changes and impacts that they carry.

Learn More About Data Security

The GDPR is only one of many regulations affecting global security and privacy in the coming years. From data storage and transfer to customer notifications and security breach protection, the landscape is shifting for companies in the UK, the United States, Singapore, and around the globe. Get more information from our white paper, 2016 Communication Best Practices for Data Breaches and Service Outages.