Reach your IT peak: How will Brexit affect GDPR?

Managing Director

Fav thing about the office

Good banter

As a child I wanted to be a ... when I grew up

Plumber/Electrician

Guilty Pleasure(s)

Strictly come dancing

Favourite Holiday

Crete

If I had a superpower it would be...

Mind Reading

Describe yourself in three words or less

Methodical, Energetic, Reliable

An interesting fact about me

Started “Work” life as an opera singer

Likes

Horse riding, fillet steak and a good curry

Favourite Band

…into Classical Music

Karaoke Jam

Desperado- The Eagles

What I do at Q2Q:

My role is to provide the overall direction and “eye on the compass” as to where we, as a team, are heading.

I’m still very much focused on the customer and will often get involved in customer solution discussions. As a techie at heart, I’m regularly seeking to understand industry developments and directional changes that may affect our customers, so we and our customers can remain on the front foot.

Background and Achievements

I started out in an I.T technical department of what was then British Rail, following which I joined a large construction company to re-organise their I.T infrastructure.

I then spent a couple of years as a business systems analyst at P&O Nedlloyd designing, developing and implementing systems within their Bulk and Tank Carrier companies.

In 1999 I was appointed as I.T Manager of SockShop and subsequently as of Head of I.T. at the Tulchan Group, comprising then of 300 stores. Due to a Year 2000 compliance issue, we were required to seek an alternative system, which we were able to more cost effectively write ourselves. This product subsequently became known as RAWHIDE and we later sold this product into a number of other businesses. At the time it was quite cutting edge as all the warehouse function was undertaken using handheld, wireless scanners, rather than the batch scanners that were dominant at the time.

In 2003 The Tulchan Group was acquired by Harris Watson. We were then asked to take responsibility for the I.T. of Viyella Ladies wear and in 2004 the demands of two MD’s and two FD’s (Tulchan Group + Viyella), resulted in the sensible decision to break out of the group and Q2Q was born. This then enabled us to also get involved with a number of other group companies (Harris Watson owned companies) as well as other non-group parties.  At one stage we were managing the I.T for almost 500 stores across a number of businesses.

Today Q2Q retains some of the group customers that we acquired along the way, as well as a substantial number of new and diverse customers in almost all industries including accounting, business development organisations, legal marketing, medical, retail and wholesale.

Hobbies and Interests

Horse riding, running (Jogging), motorbikes, reading any of the Detective Rebus stories.

One of the most uncertain issues in the current political climate has to be Brexit. The past few months have been rather turbulent in terms of negotiations, and it’s still up in the air as to what will happen when the country leaves the European Union. But, one question on many businesses’ lips is ‘how will Britain’s exit affect GDPR?’

While we know that nothing is set in stone regarding policies and strategy, at Q2Q, we’ve decided to pen a short and easy-to-digest blog to give SMEs some clarity on the cloudy situation, and offer insight into what the temperature of the GDPR pool is looking like post-exit – whether it’s a deal or no-deal outcome.

A GDPR recap

Last year – on May 25th – Europe upped the ante on its data protection rules and introduced General Data Protection Regulation across all Member States. Essentially, this new legislation aimed to give individuals greater control over their personal information – any details that can be used to identify them – and changed the way in which companies across Europe could collect, process and store this.

As a result, all organisations – UK and Europe-wide – had to re-examine the way they handled their customer, employee and business partner data, to ensure compliance with the new framework.

But, what about Brexit?

So, many SME owners may be thinking – if we’re no longer in the EU, do these regulations even apply to us?

Well, to set a bit of context. When forming part of the EU, the UK benefits from the free flow of personal data between all Member States. However, after the UK’s departure, it will be classed as a ‘third country,’ meaning it will no longer be part of the bloc.

Yet, while it won’t intrinsically form part of the European Union, the UK will still have dealings with it – particularly where trade, intelligence and data security are concerned. And, in the case of the latter, the UK will have to prove to the EU that its data protection is of a suitably high level if the EU is to consider granting the UK ‘adequacy.’

Wait – so, what does adequacy mean? Well, the clue’s in the name.

The UK government has confirmed it will liaise with the European Commission to request a data adequacy agreement – ensuring the country is whitelisted – meaning the Commission is happy that the UK’s level of personal data protection is as robust and secure as the EU’s GDPR, and that it’s, well, ‘adequate.’

What does ‘No Deal’ mean for data?

Deal or no deal, once the UK leaves, the government intends to incorporate GDPR into state law – called ‘the UK GDPR’. However, if it exits without a deal, UK officials have stated that the country will still allow the free flow of data from the UK to other EU Member States, but it has no control over data transferring from the European Economic Area (EEA) into the UK – and, that’s where things become a little tricky.

If no negotiations are successful, UK SMEs should remain compliant with current data protection law and adopt other ‘safeguarding measures’ in the meantime. The Information Commissioner’s Office (ICO) has suggested that businesses which transfer data with EU Member States may want to introduce something called ‘Standard Contractual Clauses’ (SCCs) – essentially T&Cs which both UK and EU firms sign, to help protect personal data when it leaves the EU and is no longer behind the GDPR shield.

The ICO has published some advice for SMEs looking to determine whether SCCs are needed for their business and if so, how to choose the right ones.

Data in a ‘Deal’ scenario

If the UK leaves with a deal, data controllers won’t really notice any immediate changes to their responsibilities. The stream of personal data will continue to move without restrictions between the UK and the EU, but it will then be up to the EU whether to grant adequacy status or not.

If the protection measures are deemed sufficient, then nothing much will really change – SMEs will be able to operate as they do now regarding the exchange of personal data across Europe.

So, given the transfer of data is one of the areas which is placed under the GDPR microscope, no matter the outcome of Brexit, it will be crucial for UK businesses to have security parameters in place where personal data is concerned, to ensure as little disruption as possible when the departure date arrives.

For SMEs looking for further advice on GDPR and Brexit, the ICO has many resources and articles for companies to access for free – including six key steps to take.

How will Brexit affect GDPR? How will Brexit affect GDPR?