After months of speculating, dubious political scaremongering and heated debate the European Union (EU) referendum has come and come, with Britain now confirmed to be cutting its ties with what many view as one of the strongest and most successful multi-national peace initiatives ever.
So, as the dust settles and the realities of the Brexit start to kick in, it has left many in the industry pondering what it means for the future of cybersecurity and privacy governance, with concerns surrounding the upcoming General Data Protection Regulation (GDPR) – which will now not directly apply to the UK – a prominent talking point.
However, security experts have been quick to allay such worries, stating that even without the GDPR, Britain’s’ cybersecurity governance will still be in good hands, with a strong likelihood the country will adopt a legislation directly modeled on the GDPR designed to minimize the barriers to continued trade.
“The long-term impact of a ‘Brexit’ on the legislative framework for privacy will probably not be hugely significant,” said Peter Galdies, development director at data governance, risk and compliance firm DQM GRC. “After Article 50 is invoked which gives our official 'notice' to leave the EU (which now looks likely to be after October 2016), there will be a mandatory 2-year MINIMUM period in which we remain a member of the EU whilst we negotiate an exit. During this time all existing legislation (including GDPR) will continue as before. Many forecast that this process might take much longer – with many estimates between three and six years.”
“The many organizations which already manage or contain personal data relating to EU/EEA state citizens (clients, prospects or employees) will continue to have to manage that data according to the requirements of the GDPR regardless of 'Brexit', or they will be in breach of the GDPR and risk large fines – so for many organizations nothing will change – the GDPR will apply even when we leave."
These were sentiments echoed by Michael Hack, senior vice-president of EMEA Operations for Ipswitch, who said:
“Companies who have dealings with the EU have been busily preparing to comply with the new EU data protection law, the GDPR. Now the UK is out it will be governed by a different data protection regime. However, it will still need to adhere to suitable data protection measures in order to transfer data to and from the EU. So in many regards, the requirements of the GDPR will still apply and it is back to the business of preparing for it.”
Tudor Aw, head of technology sector at KPMG UK, was just as optimistic, stating that the core attributes that make the UK Tech sector so strong and attractive remain in place despite the Brexit.
“Technology is a sector that will only increase in importance and works without borders, I therefore continue to see the UK Tech sector as one that will not only withstand the immediate challenges of the referendum result, but one that will continue to grow and thrive,” he added.