Brexit and GDPR are often met with equal voices of tedium, but Compliance Compendium chief business development officer Gareth Gadd shares some optimism for SMEs.
Earlier in the week, Gadd participated in a panel discussion at UKFast around Brexit and GDPR and the result was a surprisingly upbeat message.
He said, “Personally, I had a simple message for the viewers and that was to urge companies to think about what data they have; where their data is being held (especially if you’re using cloud services) and with whom that data is shared (especially if that data goes outside the EU – of which we are still part). Many companies aren’t thinking about where their data goes in the cloud. It could go to a data centre anywhere in the world. So, it’s crucial to know where your data is.”
Another issue which Gadd sees is with businesses not fully understanding what constitutes as consent and when they are identified under law as data owners and data processors. Further yet, Gadd believes some SMEs do not even have the inhouse skills to get to grips with these.
For example, he expressed that when you put data into an online CRM system, you become the data owner and the CRM system is the data processor. This system can be hosted either in the UK or EU, but the data is typically processed outside of these regions, often being in the US.
Within this instance, you would need to notify the data subject and gain their consent to store and use the data for use within the UK or EU. Consent requirements also necessitate that the data will be processed overseas.
If a customer does not get notified of this and their data is processed overseas, privacy regulations in the other countries could permit data mining or additional data mining, without the need of consent. Gadd said, “This is just one small example, but can apply to storage, mail, and many other cloud-based business tools you may care to think of.”
He added, “The best thing that many UK SME’s can do right now is get compliant. It might seem daunting but Compliance Compendium can guide companies through the necessary work they need to do and help them implement compliant policies and documentation to get compliant.
“They can then use our compliant Platform as a Service that will help them stay compliant. Getting compliant is an excellent decision because it will help many SME’s take advantage of opportunities wherever Brexit takes us.”
Copyright © 2018 RegTech Analyst
