As has been widely predicted it would appear that the UK will indeed adopt GDPR. The reality is that there would have been no escaping it even post BREXIT, on the premise that it is relevant to data pertaining to any EU citizen. So the chances of being able to remain out of scope would have been fairly marginal for most businesses these days.
So with the UK Government's 'National Cyber Security Strategy' published yesterday, it looks like 2017 is going to be the year when we can all knuckle down with a degree of clarity as to where we might be going.
That said, the key will be prioritisation and for many establishing the gap between where they are and where they need to be come May 2018.
Thinking back to the early days of PCI DSS, it was all about under taking 'gap analysis' exercises to establish what was missing. Then it was reducing scope, effectively getting rid of what was not required and then corralling what was, into much more manageable areas that could be secured and validated as compliant with the standard.
With GDPR, it will be a chance for business to undergo what might well be a long overdue cyber security 'health check'. As I have said a lot recently, as a society we are broadly 'consciously, incompetent' in so much as their is heightened awareness of the cyber risks that exist, but still largely 'out of our depth', when it comes to protecting ourselves adequately. This 'consciousness' will hopefully garner enough interest to ensure that GDPR and its implications are taken seriously.
And as with any 'health check', it needs to be a case of professional diagnosis before one starts taking the prescribed medicine!
In the aftermath of Brexit, the Information Commissioner's Office is planning on releasing a revised timeline that will detail how the UK will adopt and implement the EU's General Data Protection Regulation (GDPR).Information commissioner Elizabeth Denham is pleased with the government's decision to implement the GDPR and believes that it will be the best course of action for the country in terms of adopting better data protection policies. Denham further expressed her position on the subject in a blog post, writing: “I see this as good news for the UK. One of the key drivers for data protection change is the importance and continuing evolution of the digital economy in the UK and around the world.