Data experts, marketers and business owners came to Brexit Briefing in London yesterday to look at the realities and obligations of data protection at a watershed time in British politics.
The key issues were debated in an engaging day of keynote talks and panel debates at Brexit Briefing, where Abigail Dubiniecki, Data Privacy Specialist at My InHouse Lawyer, opened by looking at the ways various Brexit outcomes may impact upon firms in Britain and beyond.
Secure Theresa May’s deal and, from a data protection perspective, the status quo continues until the end of the transition period is over at the end of 2020, during which time the UK’s Data Protection Act will still apply, and the EC will have hopefully found the UK’s data protection environment to have achieved adequacy.
If we can’t secure a deal and we’re not ready to move from the EU, then Article 50 will be suspended, resulting in another status quo situation. However, leaving without a deal will render the UK a third country, in which case updates will be needed.
Ms Dubiniecki established that local representatives are needed by both UK companies that have a data handling presence in the EEA, and vice-versa – an individual or group separate from a Data Protection Officer and who can be accessible to local regulators should matters for investigation arise.
Beyond acting as facilitating tool to all local data protection concerns, locally-based representatives are a legal requirement that, if not in place, can leave an organisation liable to fines of up to 2% of annual turnover.
Panel debates at Brexit Briefing also threw up valuable insight, particularly regarding how businesses in the UK adapting to new data laws, and what they main challenges to compliance are.
For marketer and data protection expert, Hellen Beveridge, the biggest challenge to marketers has been knowing precisely what data exists on companies’ systems, often because so many bosses allow their data to be siloed, rendering data much more difficult to map.
Meeting the challenge “makes for more considered and higher quality marketing, but putting due diligence into the process has slowed things down,” Ms Beveridge said.
Co-founder of the Privacy Compliance Hub, Karima Noren, pointed to interpreting the lawful basis for marketing as a major obstacle in the adtech industry.
“There are so many players, no one understands how we are achieving lawful basis. The ICO have admitted it’s complex, but that’s the challenge for the industry at the moment.
“Are we relying on legitimate interest or are we seeking consent when we’re tracking individuals and what they’re doing on line? Then there’s transparency – how do we explain to the average consumer what is actually happening to their data when they’re just reading an article online?
“If you don’t understand the flow of data and who’s taking responsibility from a control or processing perspective, it’s then it’s very difficult to do, said the former Head of Legal for Google in Emerging Markets.
Ray Ford, Data Protection Officer at GDPR Institut underlined how most companies’ problems begin at data scaling.
“I go to a lot of companies and I know they’re not compliant. When you look deeper, they won’t tell you the full gamut of what they do, and you finally map out all the data between apps and third party, and cookies.
“Before you know where it is, you find it’s all completely illegal. Most companies just do not know what they collect. They have lost their scale, they have no map and when someone comes in to audit, they get scared.
“Only when you have exposed all of the collection processes, then you can start to address [compliant data handling], Mr Ford said.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.