SW businesses need to upgrade data protection post-Brexit

For businesses in the South West that trade with the EU, the EU data protection legislation changes coming into effect in May 2018 are still likely to apply despite Brexit. That’s following the UK Information Commissioner’s view that regardless of Britain’s approach to Brexit, the new European legislation (the General Data Protection Regulation, or GDPR) will apply to UK businesses.

EY is already seeing increased interest from clients as they look at their current approach to data protection and privacy and determine what they need to do at a minimum to comply with the deadline of March 2018.

Pragasen Morgan, EY’s Privacy leader in the UK said: “This is a sensible approach since any business holding data relating to EU citizens will have to meet GDPR standards to protect that data. The South West has vibrant trading links with Europe, and these will continue after Brexit – but South West businesses will need to be ready to trade under these new EU privacy rules.

“Typically, we are seeing clients needing to upgrade their approach to data protection by understanding the risk in relation to the capture storage and transmission of personally sensitive information; documenting process flow in relation to the capture, storage and transmission of personally sensitive information; and leveraging existing compliance programs instead of starting from scratch.

“It is important that South West businesses start to consider this now, to prepare for a new trading environment post-Brexit and to protect their existing trade with the EU.”

Contact Pragasen pmorgan@uk.ey.com or Mark Russell in EY’s Bristol office mrussell@uk.ey.com for support with privacy and other IT risk related matters.