Home GDPR Data flows post Brexit: “Map out your data, do it now”, says privacy experts
GDPR - August 5, 2020

Data flows post Brexit: “Map out your data, do it now”, says privacy experts

UK businesses should work on the assumption that the UK will not receive an adequacy decision from the EU after the Brexit transitionary period has ended, according to a panel of privacy experts at Last Thursday in Privacy on 30 July (this month sponsored by Microsoft).

The panel, discussing the future of data flows post Brexit, agreed that the UK is in deep water when it comes to receiving an adequacy decision from the EU that would allow for a continuation of the free flow of data to and from the EU. Following the Schrems II ruling, UK companies should assume that the UK is going to become a third country and steps must be taken before the decision is made. 

According to Andrew Sharp, practice lead at Securys, the most obvious first step for UK companies that transfer data outside the EU is to map carefully where their data is flowing. Additionally, it will be important for these companies to engage with vendors and investigate their plans to take additional steps. He said: “It would not be prudent at this point to wait for an adequacy decision; you need to be doing something.”

Perry Keller, reader in Media and Information Law at King’s College London, added that supplemental measures such as encryption and transparency of when the data is being accessed after it has been transferred is a costly position for controllers. 

Sara Armstrong-Smith, chief security advisor at Microsoft, said in relation to UK adequacy: “We are proactively working within Microsoft, with our partners, and also with our customers, to consider what happens if we leave without an adequacy agreement and also what that means. […] If we need to amend any of those provisions, if we need to amend our terms of services, to enable any specific provisions from the EU, or from the UK, that is something we are actively working on at the moment.” 

She added: “Everything that’s going on that we are talking about, [Microsoft] are feeding that back in terms of what does that actually mean, in regard to how we deliver our services to you, but more importantly, how do we enable our customers to be compliant and how do we enable them to always have access and maintain control of their own data.”

From July 30, Microsoft’s guidelines on how their customers using SCCs can manage their data flows are available for access to all customers. Microsoft’s main focus during this period, Sara said, was enabling their customers to be compliant and ensuring that they always have access to and maintain control of their own data. 

The panel urged businesses to prepare to do additional analysis and to work with providers and partners. 

To watch Andrew Sharp, Sarah Armstrong-Smith, and Perry Keller discuss “Brexit Series: GDPR and the Future of the UK – Data Flows Post-Brexit” on-demand, click here.

 

The post Data flows post Brexit: “Map out your data, do it now”, says privacy experts appeared first on PrivSec Report.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

Fake Russian Facebook accounts suspended amid “hack and leak” concerns in run up to US election

Three networks of fake accounts linked to Russian military intelligence and the Internet R…