Following the Brexit vote in the UK’s referendum on European Union (EU) membership , we now know that it is going to take many years potentially to fully extract ourselves from the EU.
So in the first instance, the legal obligations, such as the General Data Protection Regulations (GDPR), still have to be met. This will be something that every employee will need to understand and comply with, which is something an organisation’s security team can help with.
Moreover, it is important to note that the GDPR will still apply to any organisation holding data on European citizens, so the requirements may well be the same irrespective of the UK’s relationship with the EU.
Digital innovation is what is going to make UK successful and is vital that any project which is GDPR-compliant is also digitally compliant; in fact, we see GDPR as an opportunity to positively change customer relationships, as well as a legal requirement.
Looking further ahead, places such as the Isle of Man and the Channel Islands have successfully forged a positive relationship with EU data law, which means they can use European citizens’ data.
This provides a space where organisations comply with the law, but have a little bit more freedom to innovate. Potentially the UK could adopt this model on a larger scale.
What is clear is that a level of improved social interaction is required around data whether we are in the European Union or out of it.
There are still an awful lot of discussions needed to go into what the UK wants in terms of its position in global data regulation. We could either adopt everything that takes place in European regulation or adopt a bilateral relationship with Europe and the US which is subtly different.
Talent remains strong in the UK, but there is a long-term need for more information security expertise to be grown and developed inside the UK.
An important board-level conversation is talent planning to ensure that organisations can access the best talent that will enable opportunities and manage risks around information in an ever more competitive marketplace. Organisations should be looking at how to develop talent at universities, through apprenticeships, as well as in-house.
Obviously uncertainty is difficult and can paralyse decision-making when it is not necessary. It is important for information security professionals to be open, collaborate and advise across their organisations about opportunities as well as threats.
It is a community which will be able to cope with the changes ahead and have the ability to innovate successfully, advising at board level in organisations. It is imperative that businesses understand how they can strategically respond to the trends that are clear and important, without getting distracted by uncertainty.
David Evans is director of policy at BCS, The Chartered Institute for IT .