The British people opened a new phase in the relationship between the UK and the European Union on 23 June 2016, when they voted to leave the EU. This step affects not only Britain's economy and industry; it also disrupts the country's well-developed cyber security laws, with consequences for its everyday data and Internet security. Experts have described how this event will change the cyber security landscape for the country's inhabitants, since upheaval and insecurity usually create opportunities for hackers. Apart from the opening it gives attackers, Brexit brings another issue with it: the question of the GDPR (General Data Protection Regulation), which will be implemented in the EU in 2018.
Cyber Security Landscape in the UK
Cyphort’s co-founder and chief strategy officer Dr. Fengmin Gong explained that several factors behind a possible increase in cybercrime have all been created by Brexit, and warned the UK of a growing number of data breaches, DDoS attacks and ransomware. Gong said: “Historically we have seen cybercrime rise after large natural disasters and events impacting world economy; Brexit qualifies for the latter.” He later added the following: “Brexit has increased the supply of targets because it has created uncertainty, which markets hate but some criminals embrace. Uncertainty creates opportunities, like the opportunity to target people who are fearful or confused, perhaps through online scams and social engineering attacks related to immigration status, state benefits, and so on.”
GDPR and the UK
Some readers might have heard about the GDPR (General Data Protection Regulation), which was accepted by the EU and its member states in 2015 and is planned to be implemented in 2018. One might think that, now that the UK has opted out of the Union, it will not be affected by the new laws. That would be wrong.
The basis of the UK’s cybersecurity law is the DPA (Data Protection Act) from 1995, yes, quite outdated, which will be updated by the GDPR on Friday, 28th May, 2018. I should say that this was the original plan before Brexit, but it seems that the long arm of the EU’s cybersecurity laws will still reach Britain despite its secession from the Union.
What is the GDPR about?
- Companies need to erase personal data if the individual asks them to do so.
- Companies have to make sure that the data was collected after the person concerned gave consent.
- Companies need to provide individuals with their own data, in a commonly readable format, if they require it.
- They have to inform the data protection authorities within 72 hours in case of data breaches.
Regarding the situation of the UK, it is important to note that what matters under the new regulations is not whether a company was founded in the EU, but whether it deals with the data of EU citizens. So your company may be based in London, but if you have customers from Germany or Italy, the rules will apply to you as well. No excuses accepted.
What is more, the EU citizenship of clients is not the only reason why the rules apply to the UK. The GDPR will be applied in less than two years, when the UK will, interestingly, still be part of the European Union. According to Article 50 of the Lisbon Treaty, the UK will need to submit a withdrawal agreement containing its intention to leave the Union, a process that will in reality take more than two years.
So it is now clear that all UK companies need to comply with the provisions of the new regulations, and there is really no need to look for excuses or to wait until it is finally decided whether the UK stays within the boundaries of the EEA (European Economic Area) or not. The privacy laws of the European Union will apply to the country either way.