Blog

Deal or No Deal: GDPR after Brexit

UK inadequacy?

Late last week the government issued a formal statement about the position of the UK in relation to GDPR in a no deal scenario. As expected conditions for the flow of data between the UK and the EEA are a primary concern in this situation. Transfers of data outside the EEA must be safeguarded. Of all the safeguards available, the ideal for the UK is to gain adequacy status.

Regardless of Brexit, it can take some time for the EC to review whether adequacy status may be granted. Earlier this year the Information Commissioner Elizabeth Denham spoke in Select Committee about the need to seek a ruling about adequacy sooner rather than later to ensure a smooth transition. and also expressed doubts about whether the UK may attain adequacy.

There are some impediments to UK adequacy, namely the so-called Snooper Charter which has been challenged by the European Court of Justice (ECJ). The ECJ has ruled that the “general and indiscriminate” retention of electronic communications allowed under the Charter to be illegal.

Also, once the UK leaves the EU, it will no longer be covered by the EU-US Privacy Shield provision for transfer to the United States. There is concern that any data sharing agreement between the US and UK will not be robust enough to satisfy European requirements.

To be fair, this was always going to happen. With Brexit, the UK was always going to have to come up with a strategy for data sharing across the EEA. But a no deal outcome may accelerate the process, meaning this must be dealt with sooner rather than later.

Without the certainty of an adequacy ruling any time soon, government advice is to begin preparing  for the use of Model Clauses and Binding Corporate Rules (BCR) to manage data transfers to the UK. Each of these may involve quite a lead in time for organisations to set up, so the time to act is now.

Uncertainty and Risk

What does that mean for organisations in the UK that rely on GDPR to support free flow of information within the EEA? It’s a risk, and one you should be ready for. While there is uncertainty about the future of data transfer arrangements between the EEA and the UK, it is worth beginning to prepare for the worst.

How do you prepare? The first step is a risk assessment. Organisations that have already worked to comply with GDPR will have a head start, as they will understand their data flows and have a strategy to employ safeguards to transfer. In effect, those who have records of processing and GDPR action plans will have already completed much of the analysis they need to pinpoint areas that need to be addressed.

If you haven’t done this already, and you do share personal data with the EU, understanding where your personal data is, where it comes from and where it is sent is now urgent.

With the future so uncertain, and such a high noise to signal ratio on the topic of Brexit in the media it is so tempting to switch off and pretend it is not happening. But for UK businesses sleepwalking into a no-deal/no data situation is not an option. If not already started, risk assessment, mitigation and safeguard arrangements need to start now.

 

 

Metataxis donates funding for CityLIS

Metaxis presentation 1Metataxis has donated funding for CityLIS students to attend conferences.

The press release states.

“The Department of Library & Information Science (CityLIS) at City, University of London continues its strong links with the commercial world. Metataxis, a leading taxonomy and information management consultancy, has made a generous donation to CityLIS. The funding will support our MA/MSc students in attending conferences, workshops and seminars of direct relevance to their careers. Many of the CityLIS students are embarking on a career in library and information work or are early career professionals who will benefit enormously from this opportunity. This builds on a strong relationship that Metataxis already has with CityLIS. Directors Judi Vernau and Noeleen Schenk have both been guest lecturers sharing their expertise in taxonomies and knowledge management with CityLIS students. This real-word experience is one of the most valued aspects of the CityLIS course.”

The full details can be found on the City, University of London website here.

See www.city.ac.uk/department-library-information-science for more information.

Metataxis now on G-Cloud 10 framework

Metataxis are pleased to announce that public sector organisations can again access our services through the latest G-Cloud 10 framework.

Cloud services, such as O365/SharePoint Online, require careful planning, design and governance to be successful; however all too often this is just seen from a technical perspective rather than one based on the information and the user.

Metataxis can help organisations meet these information management and information architecture challenges that make the difference in being able to support long term adoption and deliver real value.

Metataxis offer a number of services on the G-Cloud:
Information Architecture
Information Management
Information Discovery
Content Migration
Training

If you would like any further information then please contact us.

AIIM GDPR Virtual Event

Metataxis are presenting a session at the AIIM GDPR Virtual Event.

The webinar will be jointly run by Marc Stephenson (Metataxis) and Patrick Cardiello (Active Navigation). The session has the acrostic title (we couldn’t help ourselves!) “Get Doing Privacy Right now!”, and details a case study in implementing GDPR for a global services organisation Metataxis is currently working with.

The aim of the webinar is to describe some real-world practical steps, especially around tools, for achieving GDPR compliance. The main tool we’ve been using for this client is the analysis and discovery tool from Active Navigation. This tool has been very effective at understanding the client’s information estate, which has made possible many GDPR tasks that couldn’t have been achieved without it.

See the Metataxis GDPR offering for more detail.

Metataxis now on G-Cloud framework

Metataxis are pleased to announce that public sector organisations can now access our services through the latest G-Cloud 9 framework.

Cloud services, such as O365/SharePoint Online, require careful planning, design and governance to be successful; however all too often this is just seen from a technical perspective rather than one based on the information and the user.

Metataxis can help organisations meet these information management and information architecture challenges that make the difference in being able to support long term adoption and deliver real value.

Metataxis offer a number of services on the G-Cloud:
Information Architecture
Information Management
Information Discovery
Content Migration
Training

If you would like any further information then please contact us.

The Implications of Blockchain for KM and IM

Metataxis are speaking at a seminar of the Network for Information & Knowledge Exchange (NetIKX), on Thursday 6 July 2017.

The seminar overview is: Blockchain is a word that is growing in usage – in both the IT and information management worlds. It is one of the most exciting and potentially game-changing technologies. But what is it and what does it mean? And as information professionals what do we need to know? What will be its impact on the management of information and knowledge?

See www.netikx.org/content/implications-blockchain-km-and-im-thursday-6-july-2017 or download a PDF summary for more information.

The importance of taking a holistic view of information and knowledge management.

Information and knowledge are crucial organisational assets, and like any other assets (people, property etc.) need to be considered and managed from a holistic point of view. This means that there needs to be a strategy which addresses all content across the organisation and which is driven by the over-arching organisational vision and strategy and closely linked to strategies for technology and HR.

Corporate information strategy documents often make statements such as:
• ‘Information’ covers documents, data, images, sound, video and social media;
• Information is treated as a valued asset;
• Information can be trusted;
• There is one version of the truth;
• Information openness is the norm (duty to share, rather than need to know);
• Information management will be embedded into the culture.

In order to turn these ideals into reality, the organisation needs to start by understanding its current information environment, and to create a collections model for the future environment. Understanding the current environment means investigating the content of all repositories such as shared drives, document management systems, paper stores, databases, websites, intranet, blogs, wikis, and so on. Only by understanding the form and nature of current corporate information can you create a future information architecture which will support all of the statements in an information strategy. This sort of discovery work needs to be completed at least at a high level in order to understand the current landscape as a whole and start to map out what the future collections model – essentially what goes where and how it’s categorised and related – should look like in order to maximise these assets.

Unless you take this holistic view there will continue to be duplicated content, confusion for staff as to what goes where, important content that just gets lost, or cumbersome processes in making sure that staff get the information they need. For example, many organisations separate out their intranet for corporate content (i.e. mainly information that the organisation wishes to highlight for its staff, such as policies and procedures or news) from the main document management system (DMS). How do the policies on the intranet relate to the policies in the DMS? How do staff know which one is the latest version? How do the policy creators publish the latest version to the intranet? Are there then two copies of the latest version: one on the intranet and on in the DMS? If we are publishing procedures on the intranet, are they all procedures for all departments, or just the ones HR consider to be key? Where are the others? You may also have specific repositories for managing projects or cases: how do these tie in with the DMS? How does the content of internal social networks relate to other content? There might be valuable insights stored in social networks: how is this captured and managed?

The key is to design your future collections model for the whole organisation to ensure that content of all kinds is grouped in the most logical way to support business requirements. This can be implemented piece by piece, but must be designed at the outset. The collections model is underpinned by an enterprise metadata scheme and data model, both of which are supported by the ontology, which also supports intelligent search.

The discovery work is the fundamental first step. Once you know what you have, you know what you can discard, either by destruction or by archiving. You can create the structures and classifications which determine what lives where, how it is connected and how it is found and used.