The UK’s Secretary of State for Science, Innovation, and Technology, Michelle Donelan, has announced the UK-US Data Bridge will come into action on 12th October, 2023. These regulations are designed to improve data sharing between the two nations, granting UK businesses the freedom to send personal data to certified US organisations with reduced restrictions and bureaucratic implications.
Vivek Dodd, CEO of Skillcast, a corporate compliance training service, believes this could be a huge benefit for UK businesses, commenting:
“These regulations could provide significant advantages for businesses of all sizes, particularly SMEs, as simplifying the data-sharing processes while maintaining robust data protection standards will facilitate smoother and more efficient business operations.”
He adds, “The data bridge will reduce hurdles associated with international data sharing while ensuring the privacy and security of sensitive information. This will, in turn, create new opportunities for SMEs, enhancing innovation and growth—a crucial advancement in the evolving world of data.”
Given the UK-US Data Bridge, Skillcast has broken down and simplified the existing reports, with a focus on assisting SMEs in preparation for the proposed changes:
Why is the Data Bridge Important for SMEs?
-
Streamlined Data Transfer – SMEs often collaborate with US partners or clients. The data bridge makes it easier and quicker to share data, supporting your business operations.
-
Safety First – The UK and US have worked together to ensure that the data sent across the bridge is protected. You can have confidence that your customers’ sensitive information is in good hands.
-
Research Opportunities – If your business is involved in research, particularly in fields like healthcare or technology, this data bridge can facilitate the exchange of critical information, fostering innovation and advancements.
-
Enhanced Services – For SMEs offering services or products, the data bridge paves the way for better, more tailored offerings for your customers.
Privacy and Security
While the data bridge simplifies the process of sharing data with US organisations, UK SMEs must remember that they still have obligations under UK data protection laws, especially when handling sensitive data. The data bridge ensures that these high standards of protection and privacy are maintained when data crosses the Atlantic.
If you are concerned about compliance gaps within your own business, visit the Skillcast site for further information on compliance audits and training.
COMMENT FROM PROTEGRITY
Paul Mountford, CEO of Protegrity on new UK/US data bridge
“Transatlantic data flows underpin more than $7 trillion in cross-border trade and investment per year, so we’re all for any agreement that enables the free flow of data between nations,” said Paul Mountford, CEO of data security and privacy company Protegrity. “That said, we think there’s real risk to any business that relies solely on the new data bridge, or any privacy framework for that matter, given that privacy advocates are sure to challenge them, and the regulations themselves are in a constant state of flux. For businesses looking to operate on a global scale, this new data bridge is a great start, but leaves many other parts of the world untouched.
“To better prepare for a global operations approach, businesses can build resilience against this increasingly volatile and fragmented regulatory landscape by implementing technology controls such as pseudonymisation. Recommended by the European Data Protection Board for secure and compliant data processing, pseudonymisation renders sensitive data unrecognisable, and therefore utterly useless, in the wrong hands. It significantly reduces third party, data supply chain, and cyber breach risks as well. Thus, it not only plays a valuable role in helping mitigate data protection risk, but it can also effectively future proof an organisation’s data flows.
“Without a doubt, businesses that can accelerate the free flow of data and the adoption of new technologies will be market disruptors. They will innovate faster, compete more effectively, and nimbly deliver new sources of revenue. When done right, data privacy not only delivers compliance, but also generates better trust.”
CONGA COMMENT
Charlie Bromley-Griffiths, Corporate Counsel at Conga outlines how businesses should approach this:
“This sets the tone for the future of business. From here onwards, enterprises will need to be scrupulous with their data management and ensure they have the right measures in place to comply with the new regulations. A lot has changed in the last year, with the Electronic Trade Documents Act, NI Protocol data sharing agreement and the Schrems II legislation all coming into effect, organisations will need to review their data architecture and contract clauses with their customers and partners. For example, Schrems II required businesses to carry out risk assessments before transferring data from the EU and EEA to countries that aren’t deemed adequate, complying with new international data transfer regulations. Since then, businesses have had to put a whole range of new processes in place to comply with export jurisdictions, execute transfer impact assessments and establish new cross-border data flows.
“Enterprise leaders have huge digital transformation projects ahead of them. Businesses – if they haven’t already – will have to review their internal operations and systems of record to ensure all data flows between teams and their systems are aligned. It is the only way to ensure that all personal data transfers are lawful and compliant. Businesses will have to remain vigilant for the road ahead, as this could be the first of many changes to come. Leaders should be building their tech stack and anticipate change rather than respond to it, to ensure they are fully prepared for all outcomes. The data landscape is constantly evolving and risk comes with every contractual agreement or data export.
“Naturally, short-term technology spending is expected to increase, with leaders ramp up their digital change programmes to keep up with these new regulations. Businesses need to be careful here, digital transformation programmes of this size are incredibly complex and they cannot afford to keep redesigning or remodelling their data architecture or systems. Instead, enterprises should approach this strategically and adopt one digital tool at a time in a phased manner – especially when it comes to scaling these solutions across their organisation. If data is siloed or disconnected between departments, it can impede overall operational efficiency and result in considerable revenue and data leakage. Or, worse, as these new regulations suggest, serious fines or compliance issues. It is vital that leaders review their internal structures and ensure all data is accurate and accounted for before sharing it with third parties.”
Be the first to comment