DCN September 2016 - Page 45

final thought how it happened and how it has been fixed. Whilst it may be tempting for UK based companies to disregard these regulations on the basis of Brexit, it would be misguided to do so. A question of compliance Even though UK businesses will no longer be bound by the GDPR by default, any incarnation of a UKEU trade agreement would likely involve adherence to the GDPR as a prerequisite. In fact, for companies reliant on the open flow of data between the UK and EU, it may even be advisable to ensure that data protection is on par, or superior to, the requirements set out in the GDPR. Doing so would minimise the risk of scaring away foreign investment and quell any uncertainties about data security. This is because there is no guarantee the EU would accept a new UK centric data policy, and any adequacy assessment of new regulation would almost definitely reflect the new GDPR regime, and not the EU directive that is in place today. The fact of the matter is that a ‘Brexit’ is not likely to make compliance with data protection law in the UK any easier. So how can organisations future proof themselves from a data security standpoint? Taking action now is the most important thing. As the saying goes, to be forewarned is forearmed. Begin the process of revising IT strategies as soon as possible to avoid being left behind. It could also be key to gaining a competitive advantage over rivals. The best way to achieve compliance and beyond is to ensure that your organisation has a comprehensive security stack in place which comprises, at the The process of extricating the country from Europe will not be a simple one. bare minimum, of antivirus, breach detection and modern endpoint back up tools. This serves the dual purpose of defending against data breaches and allows you to detect and mitigate the damage caused by any potential breach as soon as possible. With the right solutions in place, along with a clearly communicated security policy for staff, your company is in a great position to do business across the EU – whatever the future holds. A couple of key elements of GDPR requirements on an organisation relate to the remediation of any breach and reporting of such a breach. Failure to comply with either of these within a short space of time can trigger those same fines. This means that an organization must be able to detect a breach, report both to the individuals affected and also the authorities what happened, how it happened and how it has been fixed. 45