Deal or No Deal: GDPR after Brexit

UK inadequacy?

Late last week the government issued a formal statement about the position of the UK in relation to GDPR in a no deal scenario. As expected conditions for the flow of data between the UK and the EEA are a primary concern in this situation. Transfers of data outside the EEA must be safeguarded. Of all the safeguards available, the ideal for the UK is to gain adequacy status.

Regardless of Brexit, it can take some time for the EC to review whether adequacy status may be granted. Earlier this year the Information Commissioner Elizabeth Denham spoke in Select Committee about the need to seek a ruling about adequacy sooner rather than later to ensure a smooth transition. and also expressed doubts about whether the UK may attain adequacy.

There are some impediments to UK adequacy, namely the so-called Snooper Charter which has been challenged by the European Court of Justice (ECJ). The ECJ has ruled that the “general and indiscriminate” retention of electronic communications allowed under the Charter to be illegal.

Also, once the UK leaves the EU, it will no longer be covered by the EU-US Privacy Shield provision for transfer to the United States. There is concern that any data sharing agreement between the US and UK will not be robust enough to satisfy European requirements.

To be fair, this was always going to happen. With Brexit, the UK was always going to have to come up with a strategy for data sharing across the EEA. But a no deal outcome may accelerate the process, meaning this must be dealt with sooner rather than later.

Without the certainty of an adequacy ruling any time soon, government advice is to begin preparing  for the use of Model Clauses and Binding Corporate Rules (BCR) to manage data transfers to the UK. Each of these may involve quite a lead in time for organisations to set up, so the time to act is now.

Uncertainty and Risk

What does that mean for organisations in the UK that rely on GDPR to support free flow of information within the EEA? It’s a risk, and one you should be ready for. While there is uncertainty about the future of data transfer arrangements between the EEA and the UK, it is worth beginning to prepare for the worst.

How do you prepare? The first step is a risk assessment. Organisations that have already worked to comply with GDPR will have a head start, as they will understand their data flows and have a strategy to employ safeguards to transfer. In effect, those who have records of processing and GDPR action plans will have already completed much of the analysis they need to pinpoint areas that need to be addressed.

If you haven’t done this already, and you do share personal data with the EU, understanding where your personal data is, where it comes from and where it is sent is now urgent.

With the future so uncertain, and such a high noise to signal ratio on the topic of Brexit in the media it is so tempting to switch off and pretend it is not happening. But for UK businesses sleepwalking into a no-deal/no data situation is not an option. If not already started, risk assessment, mitigation and safeguard arrangements need to start now.

 

 

Metataxis now on G-Cloud 10 framework

Metataxis are pleased to announce that public sector organisations can again access our services through the latest G-Cloud 10 framework.

Cloud services, such as O365/SharePoint Online, require careful planning, design and governance to be successful; however all too often this is just seen from a technical perspective rather than one based on the information and the user.

Metataxis can help organisations meet these information management and information architecture challenges that make the difference in being able to support long term adoption and deliver real value.

Metataxis offer a number of services on the G-Cloud:
Information Architecture
Information Management
Information Discovery
Content Migration
Training

If you would like any further information then please contact us.

AIIM GDPR Virtual Event

Metataxis are presenting a session at the AIIM GDPR Virtual Event.

The webinar will be jointly run by Marc Stephenson (Metataxis) and Patrick Cardiello (Active Navigation). The session has the acrostic title (we couldn’t help ourselves!) “Get Doing Privacy Right now!”, and details a case study in implementing GDPR for a global services organisation Metataxis is currently working with.

The aim of the webinar is to describe some real-world practical steps, especially around tools, for achieving GDPR compliance. The main tool we’ve been using for this client is the analysis and discovery tool from Active Navigation. This tool has been very effective at understanding the client’s information estate, which has made possible many GDPR tasks that couldn’t have been achieved without it.

See the Metataxis GDPR offering for more detail.

Metataxis now on G-Cloud framework

Metataxis are pleased to announce that public sector organisations can now access our services through the latest G-Cloud 9 framework.

Cloud services, such as O365/SharePoint Online, require careful planning, design and governance to be successful; however all too often this is just seen from a technical perspective rather than one based on the information and the user.

Metataxis can help organisations meet these information management and information architecture challenges that make the difference in being able to support long term adoption and deliver real value.

Metataxis offer a number of services on the G-Cloud:
Information Architecture
Information Management
Information Discovery
Content Migration
Training

If you would like any further information then please contact us.

The Implications of Blockchain for KM and IM

Metataxis are speaking at a seminar of the Network for Information & Knowledge Exchange (NetIKX), on Thursday 6 July 2017.

The seminar overview is: Blockchain is a word that is growing in usage – in both the IT and information management worlds. It is one of the most exciting and potentially game-changing technologies. But what is it and what does it mean? And as information professionals what do we need to know? What will be its impact on the management of information and knowledge?

See www.netikx.org/content/implications-blockchain-km-and-im-thursday-6-july-2017 or download a PDF summary for more information.

Pause for thought

Managing your information, and implementing a system to do it, is a complex task with many knots that need to be unravelled and it takes time to get it right.

All too often the focus of a project implementing such a solution is on getting it done rather than doing it right. Too much effort is spent moving the projects through various gateways rather than spending time on actually thinking through what needs to be done.

Information management systems such as SharePoint too often founder and ultimately fail to deliver the desired benefits because of this. Typically a system is rolled out successfully (i.e. on time) but it quickly degrades and information chaos ensues leaving users frustrated, information difficult to find and impossible to manage. In all likelihood you’ll end up with another project to put it right in a couple of years.

This situation can been avoided.

Proper thought must be given to understanding where you are and what you information landscape looks like. How can you build a system to manage your information if you don’t know what you’re intending to manage?

You must develop an information strategy so you know what you want to achieve and how you are going to go about it.

You must take time to design an information architecture that meets the needs of your users. This is vital to enable you to organise, describe and link information and the key to the efficient and effective use and management of your information.

And don’t forget about putting in place governance – without support, oversight and nurturing your nice new system will quickly end up a chaotic mess.

Remember that rolling out a system that meets a deadline doesn’t mean that you have a successful solution.

Think, plan, design – don’t just ‘do’.