5 April 2022
Brexit aftermath; compliance and security need to be front of mind
Brexit changed everything
Or did it? The Brexit arguments are now compounded by the economic impacts of first, the pandemic, and second, Russia’s war on Ukraine. Knock-on effects include issues such as recruitment and hybrid working which have impacted HR. The truth is we can’t accurately predict what Brexit means for the UK, long-term.
Something that is clear…
… is that for many, leaving the European Union (EU) hasn’t simplified things. Despite being unable to really measure the impact of the UK’s split from the EU, one thing that is apparent is that there are still increased layers of administration and compliance in some areas for organisations to navigate.
General Data Protection Regulation, commonly known as GDPR was an EU-instigated piece of legislation that came into place in 2018. However, Britain leaving in 2020 didn’t mean the end of GDPR – instead, it just became ‘UK GDPR’. See our GDPR blog article.
This means there’s essentially no relaxing or significant change to what organisations must do to comply. There is still a lot of work to do and for many, it’s quite daunting. The key regulatory documents underpinning these changes and considerations have stringent rules when it comes to storage, retention and deletion of data and information. See also the Information Commissioner’s Office guide to UK GDPR.
Leaving the EU has, in fact, added layers of work and complexity – particularly for businesses who import goods. There are also major changes to right-to-work laws.
Businesses must comply
It really is as simple as that. Essentially, organisations need to establish that when they retain personal data they are doing so lawfully, fairly and transparently. The risks of not complying are significant. In 2019 Marriott was fined £18.4M and British Airways £18M – both for lapses in IT security / data protection.
“Personal data is precious and businesses have to look after it. When a business fails to look after customers’ data, the impact is not just a possible fine, what matters most is the public whose data they had a duty to protect.” – Information Commissioner, Elizabeth Denham on the Marriott breach.
Organisations of all shapes and sizes from different sectors and industries must be vigilant. Significant fines are one thing – but they also need to be prepared for the reputational damage they’ll likely suffer as a result of publicised breaches.
The Marriott and British Airways fines were applied under EU legislation. However, while the maximum fines under UK GDPR have been reduced the figure is still an eye-watering £17.5M or 4% of annual turnover – whichever is greater. To learn more about penalties read this.
And with the West’s response to Russia’s war on Ukraine it’s worth remembering that now more than ever we are at risk of cyber-attacks.
Secure document management and storage supports compliance
Organisations can initiate a number of measures to help ensure compliance. Dr Niels Beisinghoff outlines some key things to consider in the post-Brexit world.
Underpinning really effective compliance is document and data security. Tackling this with an internal ‘patch’ or ad-hoc approach is unlikely to provide the level of security or peace-of-mind most organisations need. A more rigorous, all-encompassing approach is required: the implementation, integration and adoption of a data and document management system.
So, what’s needed? In no particular order, organisations need to be looking at systems that deliver peace-of-mind around the security of storage. They also need to consider easy access – across many locations, access controls, search functionality, audit trails and an auto retention and data deletion process.
Businesses must also consider the potential time savings and ability to free-up employees to work on other projects.
What next?
Determine what your organisation needs. Look at where you might be exposed, where there are potential risks. Then consider the solutions. Your document management and storage processes need to comply with relevant industry and/or legislative requirements.
As well as the benefits gained from driving efficiencies, it’s important for organisations to automate as many processes as possible to reduce the additional administration burdens Brexit has created.
iTrent Document Manager is solving this issue for many large businesses and organisations across different industries and sectors. It provides a solid foundation on which to build a secure document storage strategy. In addition to enhanced security elements, users will benefit from:
- Reduced administrative tasks.
- Improved efficiencies.
- Automation of workflow processes.
- Improved information flow between teams.
- Adherence to regulatory and compliance requirements.
- Increased physical space (reduced need for filing cabinets etc).
- Compatibility across different file types.
- Centralising of digital records.
- A reduced carbon footprint.
Find out more here about putting your document management in safe hands.