Backs to the cliff-edge

Can you imagine an ostrich, with its head in the ground, backing toward a precipitous cliff-edge? Highly unlikely, I know, but then there’s the UK Parliament…

In the great Brexit debate, the leaders of both the UK’s main political parties appear to be bravely putting party before country. MPs of both parties who are not on one extreme or the other of the debate appear to be suffering from learned helplessness (according to the Positive Psychology Program, “Learned helplessness is a phenomenon observed in both humans and other animals when they have been conditioned to expect pain, suffering, or discomfort without a way to escape it. Eventually, after enough conditioning, the animal will stop trying to avoid the pain at all—even if there is an opportunity to truly escape it!”).

Our only certainty is that the UK leaves the EU on 29 March – because that is already written into UK law. Without a deal (and even the starriest-eyed of leavers now seem to recognise this), the departure is clearly going to have a negative impact on many UK businesses. Absent a major parliamentary upheaval, or our political leaders deciding to put country before party, we’ll be shuffling over that cliff edge in just over a month’s time.

Many organisations are already taking practical steps towards a soft landing. Two areas on which all organisations should focus are cyber security and privacy legislation. Times of national and corporate chaos bring opportunities for cyber attackers of all sorts – and sensible organisations will be taking urgent action to build up their cyber resilience. Equally important, from 30 March, the UK will be a third country under the EU GDPR (General Data Protection Regulation). This has important ramifications for all UK organisations providing services into the EU or processing the data of EU residents.

The ICO (Information Commissioner’s Office) has published guidance for organisations in these circumstances. In essence, this guidance says that organisations need to review policies, contracts and processing agreements, as well as EU representation, in order to ensure that – in this regard at least – trading will legally be able to continue as we transition into this brave new post-Brexit world.

Our law company, GRCI Law Ltd, and our cyber resilience consultants are already working with our clients to help them address these issues.