Will Brexit impact GDPR and data protection rules?
Now that the UK’s decision to leave the EU has had a chance to sink it, the consequences for how the continent continues to do business together comes into question.
As important, is the question of how the UK will deal with personal data from the EU? In a data-driven world, any change in the way we transfer data can have a domino effect on business continuity and ultimately the economy.
When the Safe Harbour agreement was abolished by the European Court of Justice, governance of data transfers between the US and EU was left in limbo. Many companies were quick to offer their own “guaranteed hosting” solutions for the EU, before politicians on either sides ink dried on new regulations, which took the form of the Privacy Shield.
The question of data transfer now that Brexit has come to fruition is of even greater significance for companies who have dealings with the EU, and are already trying to deal with the new EU data protection law; the General Data Protection Regulation (GDPR). Coming into effect in January, most IT professionals will be aware that the GDPR involves more than a tweak to existing procedures. According to a survey that we conducted last year, three quarters of UK companies say that keeping up with data protection regulatory requirements will cost them financially. Achieving compliance involves all the departments involved in gathering, handling, processing and storing data to come together to use new tools, technologies and training.
Faced with this already complex compliance landscape, it is understandable for companies to worry about how much more complicated everything will become with the UK leaving the EU. Will the UK adopt a data protection regime that’s more onerous than its current one? Even with the referendum votes in, businesses should still make plans that work for both scenarios.
With Brexit becoming a reality, the UK will be governed by a different data protection regime, but wwill still need to comply with data protection measures to do business with the EU. In this situation, many of the current GDPR requirements should still stand. “GDPR is going to affect UK businesses offering any type of service to the EU market, regardless of whether your business stores or processes data on EU soil,” said Chiara Rustici, independent GDPR analyst.
With this in mind, businesses should stay on the course of preparing for GDPR, which should be well underway. However, with this being said, companies need to continue to consider how different scenarios might play out. The framework that is put in place needs to be flexible enough to adapt to a changing regulatory landscape. To paraphrase Donald Rumsfeld, the GDPR is a “known known,” the Brexit alternative is still a “known unknown,” even after the vote, but there are other “unknown unknowns” that will impact infrastructure design decisions, so companies should institute all changes with the understanding that the changes may need changes.
To ensure that you are prepared, no matter how the outcome continues to play out, here are five steps that should stand your company in good stead:
- Consent: re-thinking and re-designing sign-up procedures and configuration settings for explicit content should be top of the list
- Personal Data: individuals can object to the use of personal data for profiling, specifically in direct marketing. Any tracking of users requires clear, unambiguous consent and describe every step including where, how and what data is sorted
- The Right To Be Forgotten: this requires a system where users can review data, request rectification and have the option to withdraw earlier given consent
- Moving personal info: moving personal data from one provider to another is going to involve common use standards and access to services from a well-designed API
- Pseudoymisation: the latest buzzword in privacy-enhancing techniques ensuring non-attribution, meaning that data needed for attribution is not stored with transaction data
As the UK starts to figure out what Brexit means for the country, getting ahead of the game with your data protection policies will be worth the time no matter how regulations and business with the EU changes.
By Michael Hack, SVP of EMEA Operations at Ipswitch
Read the July EURO 2016 issue of Business Review Europe magazine.
GfK and VMware: Innovating together on hybrid cloud
GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.
In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade.
“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.
Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.
By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.
One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.
“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.
Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs.
“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.
The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment.
The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.
One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.
“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.
“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client.
“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”