A leading analyst firm has urged CISOs in Britain to focus on three key areas to moderate the fallout from Brexit. Whatever the outcome of the UK’s departure, security bosses must carefully take action to maintain unobstructed international data flows and manage the potential staffing and regulatory challenges, according to Forrester senior analyst Paul McKay.
McKay also warned that a no-deal Brexit would make the current equivalence between the UK and EU’s data protection regimes invalid. In fact, it would create barriers to data transfers that would otherwise be effortless.
“We recommend that CISOs and DPOs start looking into alternative means now for guaranteeing the legal basis for their international data flows between the UK and EU,” he urged. “This can either be through model clauses or a binding corporate rules program, for example, which are already widely used for transfers outside of the EU.”
Putting the organisation first
CISOs should also aim to reassure and support any EU citizens within the organisation, some of whom might require assistance with keeping their citizenship. What’s more, recruitment will become quite a challenge.
“Restrictions on the numbers of EU citizens entering the UK and vice versa are generally expected, so review your operating model carefully to mitigate the impact that restrictions on freedom of movement could bring to your security organisation structure and headcount deployment,” said McKay.
“In addition, consider the implications for business travel for any service providers and staff supporting you from outside of your main headquarters locations.”
Laws and regulations
Finally, there is the responsibility of following EU laws, including PSD2, GDPR and the NIS Directive, to report breaches wherever it may be relevant. McKay urged UK CISOs to regularly review and update their reporting lines as things change. They should also keep their incident response plans and operational processes up to date.