Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Analyst Urges UK CISOs to Act on Brexit

A leading analyst firm has warned British CISOs to focus on three key areas to mitigate the potential fallout from the UK’s departure from the European Union.

Whether the UK strikes a withdrawal agreement with the EU or not, security bosses must carefully consider action to maintain unhindered international data flows, and manage potential staffing and regulatory challenges, according to Forrester senior analyst, Paul McKay.

He warned that a no-deal Brexit would invalidate current equivalence between the UK and EU’s data protection regimes, putting up barriers to seamless data transfers.

“We recommend that CISOs and DPOs start looking into alternative means now for guaranteeing the legal basis for their international data flows between the UK and EU,” he urged. “This can either be through model clauses or a binding corporate rules program, for example, which are already widely used for transfers outside of the EU.”

CISOs should also work hard to provide reassurance and support for any EU citizens on the staff roster, some of whom may need help with applications to remain in the country. More challenging still will be recruitment.

“Restrictions on the numbers of EU citizens entering the UK and vice versa are generally expected, so review your operating model carefully to mitigate the impact that restrictions on freedom of movement could bring to your security organization structure and headcount deployment,” said McKay.

“In addition, consider the implications for business travel for any service providers and staff supporting you from outside of your main headquarters locations.”

Finally, there are the requirements from EU laws PSD2, GDPR and NIS Directive to report breaches to the relevant authorities. McKay urged UK CISOs to review and update reporting lines as regulatory relationships change, as well as to update incident response plans and any supporting operational processes.

What’s Hot on Infosecurity Magazine?