4 Brexit Considerations for your IT

With the Government publishing official Brexit guidance, we take a closer look at 4 items likely to be important for the technology of UK businesses:


 

  • .eu Domains

For UK businesses using .eu registered domains, it’s expected that these will not available for purchase or renewal after April 2019.

Official Government guidance is for businesses to purchase .co.uk, .com and/or .uk versions of important domains, and re-direct traffic in case of a ’No Deal’. Such action is likely to be more challenging for domain-linked services such as email.

This is also a difficult prospect for the unprepared: .com domains alone outnumber their .eu counterparts almost 40-1, so UK businesses may find themselves in a race to grab vital digital real-estate. Web developers and marketing teams might also have built significant reputational presence for the .EU versions of their company websites, and won’t relish the prospect of having to start over.

 

  • Mobile Roaming

UK Mobile users abroad currently benefit from EU roaming regulations that limit mobile operators to a default data usage cost of €50, with alerts generated as the mobile user approaches the roaming limit.

Official Government guidance states that in the event of a Deal this limit would continue during the ‘implementation period’ so mobile workers abroad would temporarily be protected against high roaming costs after 1st April.

roaming after brexit

In the event of ’No Deal’ outcome, EU roaming regulations would no longer applies to UK mobile users abroad, and restrictions on how much European mobile operators could charge roaming UK mobile users would be removed.

The Government states UK networks will soon be bound by new UK laws upholding the same financial penalties for their roamers abroad – although these UK-based networks are ultimately responsible for whether roaming services are available via foreign networks. Mobile users working internationally need to be wary when consuming mobile data abroad after 1st April 2019.

 

  • Data Sharing

Whether UK businesses can access customers’ (or any) personal data from the EU will be determined by an ‘Adequacy Decision’ taken by the European Commission; deciding whether UK data protection rules are sufficiently close to those of the EU for data transfers to be permitted.

The UK formally adopted the EU’s ‘General Data Protection Regulation’ (GDPR) during 2018 and will retain this beyond April 2019, suggesting that a common framework for a company’s ‘Legal Basis’ to process personal data is likely. However, the EC have stated this decision will not be taken until the UK leaves the EU.

Government guidance suggests companies dealing with any personal data from the EU, or with operations abroad, proactively seek legal advice to ensure they continue to be legally watertight when transferring data internationally after 1st April.

 

  • Geo-Blocking

‘Geo-blocking’ certain customers online based on their location is currently not permitted, but this restriction will effectively be lifted after 1st April – for UK trading businesses.

This affects many online retailers: for example those who deliver goods ordered online, online services (such as streaming or cloud hosting) or take bookings for services at physical locations (such as ticketing.)

UK businesses trading to the EU will still be expected to uphold EU rules – for example offering the same service to both French or German customers.

However, the lifting of Geo-blocking restrictions effectively opens the door for UK-based online retailers to offer different services to different UK customers, or UK customers when compared to EU customers. Businesses are still advised to seek independent legal guidance for any variations to their service.

 

Businesses can access GOV.uk’s recommended Brexit guidance specific to their business sector here: https://www.gov.uk/prepare-business-uk-leaving-eu


773 Million Email Addresses Breached Online

Online Security breach website HaveIBeenPwned.com has detected the largest online breach of email addresses to date – nearly 773 million unique emails.

The 87GB of breached personal data, publicised by Microsoft Regional Director and cybersecurity expert Troy Hunt, was spotted last week via online file-hosting website MEGA under the ominous name “Collection #1”, and has now been removed.

The data itself, believed to be a terrifying aggregation of a large number of previous smaller data breaches, also contained more than 21 million identifiable plain-text passwords.

More than 140 million of the email addresses identified have never been seen before by HaveIBeenPwned.com, suggesting some of the personal data may originate from as yet undiscovered breaches.

Those affected by the breach are advised to change their passwords immediately, to prevent criminals potentially exploiting the data to access other online services where the user has registered with identical login credentials.

You can check if your email(s) (and potentially passwords) have been breached among the 773 million by clicking here.

For IT support and cybersecurity expertise, contact Lineal about your requirements today.


Top Picks: Best GDPR Resources

Be honest, you’ve read some truly useless things online about GDPR. We all have.

The problem isn’t one of enthusiasm: more and more companies are recognising the impending deadline of the new data protection regulations and acting to implement best practice.

There is, of course, a growing industry of consulting firms and data protection advisers trading on businesses’ lack of expertise and frequently, fear of being left behind. Most organisations begin preparing with a spot of Googling, some light reading, and a bit of browsing online GDPR help articles written by experts.

However, the real experts can’t divulge too much free advice (otherwise why contract their services?) thus much of the available articles and blog posts are deliberately vague. The conundrum has already spawned some unfortunate attempts at humour, but doesn’t really help companies attempting to put in place GDPR compliant policy.

All is not lost: there really is some genuinely useful  guidance out there – here are our pick for some of the best GDPR resources:

 

ICO: Eight Practical Steps

ico eight practical GDPR steps

The Information Commissioner’s Office original ‘eight practical steps’ presentation is a series of slides that are exceptionally clear, and can be worked through in stages. A more recent, formal ’12-step’ version also exists, for a more conceptual understanding of the new regulations.

 

GDPR Readiness Assessment from Microsoft

Microsoft GDPR quiz

A little technical at times, this quick quiz is a useful way of thinking further about protection policy, particularly around access control. For further information on how Microsoft can assist with GDPR in the cloud, look for the blue button in the top right hand corner.

 

ICO Helpline

ICO GDPR helpline

The ICO has a little known helpline via which small businesses and charities can consult a member of ICO staff for extra advice – details of which can be found above.

 

IT Governance Compliance Gap Assessment Tool

IT governance GDPR compliance gap assessment tool

Always a strong source of IT expertise and policy, IT Governance have developed a range of ‘Toolkits’ to assist data protection officers and those implementing GDPR within their organisations. These range from the simple £60 compliance gap assessment tool (a handy Excel Spreadsheet you can work through) to more expensive implementation packs and data flow mapping tools.