Almost 20% of healthcare organisations have cancelled preparations for the EU General Data Protection Regulation because of Brexit.
The regulation, which has been in the pipeline for some years, is designed to harmonise data protection regulation throughout Europe and provide citizens with more control over their personal data.
It has been ratified by the UK and is due to come into force in May 2018, almost certainly before Britain completes its exit from Europe, despite the recent triggering of Article 50.
However, a survey of IT decision makers in healthcare by information management experts Crown Records Management has revealed some shocking results.
The research demonstrated that:
– 18% have cancelled all preparations because of Brexit.
– 27% think the regulation will not apply to UK business after Brexit.
– 9% don’t even have plans for staff training on data protection.
John Culkin, Director of Information Management at Crown Records Management, believes the results are alarming.
“For so many organisations and Trusts in the healthcare sector to be cancelling preparations is a big concern because this regulation is going to affect the industry in a big way. Firstly, it is likely to be in place before any Brexit. Secondly, although an independent Britain would no longer be a signatory it will still apply to all businesses which handle the personal information of European citizens.”
Culkin also suggested that Brexit would inevitably impact upon the NHS.
“When you consider how many EU citizens live in the UK it’s hard to imagine many businesses here being unaffected, especially in this sector. The potential in NHS Trusts for information to go missing is pretty obvious and when you consider the EU GDPR will bring in huge potential fines for data breaches this simply cannot be ignored.”
UK officials and politicians were heavily involved in the drawing up of the new regulation and Culkin believes the general principles behind it are set in stone.
“The reality is we are likely to continue to see stringent data protection in an independent UK rather than a watered down version. Our survey revealed that at least half of companies across the board saw Brexit as an opportunity for Britain to position itself as the safest place to do business through even more robust legislation.”
Culkin also cited known figures related to the healthcare sector.
“In fact, this premise was also supported in the healthcare sector with 32% calling for more robust data protection in an independent UK. This means the best course is to prepare now and have a watertight information management system in place as soon as possible. This issue is not going away.”
The EU GDPR will bring in massive fines for data breaches – as high as 20 million euros or up to 4% of global turnover – as well as new rules to ensure privacy is designed into data policies.
New rights for citizens to ask for their personal data to be edited or deleted will also be included.