21 November 2017

Commercial Risk Europe: UK risk managers warned to comply with GDPR despite Brexit



UK risk managers and their bosses need to forget the idea that Brexit will somehow let them off the hook when it comes to the EU’s forthcoming General Data Protection Regulation (GDPR). The UK will have to apply the tough new rules for at least ten months, and probably beyond, if its companies want to continue receiving personal data from EU territories.


Joanne Howie, deputy general counsel (global) at AXA Corporate Solutions, said that these rules need to be taken seriously because they raise the level of risk faced by almost all companies in a potentially significant way.

Ms Howie said it is not “crystal clear” at this stage exactly how the fines included with GDPR will be applied in practice. She also warned risk managers not to be lulled into a false sense of security by recent words from the ICO that suggest it prefers to use the carrot rather than the stick. “They will use a sledgehammer if they need to!” said Ms Howie.

The lawyer said that responsibilities need to be made clear at each and every company. Risk managers will have an important role to play in GDPR programmes and must work with data protection officers, IT and others to identify and assess the risks of non-compliance, she continued. But boards need to make sure that the message comes right from the top. “Everyone has a role in data protection compliance,” stressed Ms Howie.

Julia Graham, deputy CEO and technical director at Airmic, the UK risk management association, agreed with Ms Howie that 2018 will be a big year for the GDPR and urged members to take it seriously.

During a later panel debate on the rise of the digital age, Ms Graham said the one thing that might persuade directors to take the GDPR more seriously is the real threat that failure to comply and carry out duties could void D&O cover, always a matter likely to grab their attention.

Ms Howie’s message to risk managers that Brexit provides no relief from GDPR was loud and clear. “Brexit will not give us a lucky escape unfortunately. The GDPR will be applicable despite Brexit. Given the timeline, on current estimates, the UK will be formally subject to the GDPR for at least ten months. All other indications both from government and the ICO are that they intend to retain the GDPR at least for the short to medium term following Brexit. Importantly, in order to be considered an adequate jurisdiction for receipt of personal data from the European Union, the UK must have an ‘equivalent’ level of protection. It therefore does not look like it is going away,” Ms Howie explained.

Full article on Commercial Risk (subscription required)



© Commercial Risk Europe
