Tag Archives: impact of Brexit

A digital identity crisis: is slow progress costing citizens and business?

Posted on by

A steel padlock on a brown wooden gate

By Steven McGinty

The government’s flagship digital identity programme, GOV.UK Verify, has not been short of problems lately. However, news that benefit claimants have been unable to register for the new Universal Credit (UC) because of problems using the service highlight that its failings are having real-world consequences.

In February, government statistics showed that only 30% of claimants were able to use GOV.UK Verify – well below the projected 80%. Further, research in the London Borough of Croydon found that even with one-to-one support only one in five people could prove their identity.

A history of problems

Problems were identified in the National Audit Office’s Digital transformation in government report in March 2017. The NAO found that the service, which was expected to simplify how citizens verified their identity to government agencies, had missed its initial launch date of 2012. Instead, only nine out of twelve services had been launched four years later in 2016.

Government departments who were expected to come on board have also thought twice. In December 2017, NHS England’s chief digital officer Juliet Bauer announced that they’d be developing their own digital identity system (although did suggest that GOV.UK Verify may be used for services which have less sensitive information). Similarly, HMRC announced last month that they will develop their own identity service – based on their 15-year-old Government Gateway Service – with rumours suggesting they have no confidence in the government’s solution.

With this backdrop, it’s unsurprising that Civil Service Chief Executive and Cabinet Office Permanent Secretary John Manzoni has brought in management consultancy McKinsey to conduct a review into how digital identity could work within the public sector.

Community Weekly’s Editor in chief, Bryan Glick, suggests this review could lead to a fundamental rethink and the introduction of ‘Verify Compliant’. He explains that:

Verify could become a brand name, rather than a product produced by GDS. That brand name will encapsulate a set of digital identity standards, for use across the public and private sectors. If you want to be part of the UK’s digital identity infrastructure, you need a product that is “Verify compliant”.

The impact of Brexit

David Bicknell, editor at Government Computing, suggests that Brexit preparations have pushed the transformation strategy – including GOV.UK Verify – off the agenda.

However, Government Digital Service (GDS) director general Kevin Cunnington has a different take on things. In his view, the GDS is continuing to deliver improved digital services, highlighting that GOV.UK Verify is available to local councils and is used by the Land Registry to support their new digital mortgage service.

Why the UK needs to tackle digital identity

People are increasingly using digital services to shop online, pay bills, and to interact with different levels of government. However, even though technology has dramatically changed, much of how people prove their identity is still paper based. For instance, paperless bank account holders still have to request paper documents to prove their address (possibly at an additional cost).

New industries such as the sharing economy, which includes the likes of Airbnb and Uber, rely on secure digital identity verification. Government has a responsibility to lead from the front and protect this ever-growing number of customers. For example, Airbnb customers across the world have experienced thefts from properties from criminals using false identification.

More generally, there has been a rise in identity fraud. According to fraud prevention charity Cifas, this now represents the majority of all fraud cases (approximately 56% in the first six months of 2017). An inability to verify identity is likely to have contributed to this increase.

In addition, many people are financially and socially excluded by a lack of photographic identification ID such as a passport or a driver’s license – particularly those from low income backgrounds or who have been in prison. This lack of ID can act as a barrier when applying for government benefits or financial services.

Gunnar Nordseth, CEO at digital identity provider Signicat, also argues that a failure to introduce a digital identity scheme could have serious consequences for the UK’s financial industry (especially the emerging fintech sector). He explains that GOV.UK Verify isn’t ‘fatally flawed’ but needs to be more ambitious, observing that:

Unlike other European digital ID schemes GOV.UK Verify is limited to the public sector, does not support financial services and is not interoperable with its continental counterparts.”

Final thoughts

Tackling the digital identity crisis won’t be easy. But recent statements acknowledging the challenges of GOV.UK Verify and the calling of a review suggest the Government Digital Service (GDS) are listening to concerns.

However, this time for reflection mustn’t last too long. Getting digital identity right has the potential to improve services for citizens, create efficiencies in government and business, and ensure the UK’s place as a world leader in the burgeoning digital economy.

The Knowledge Exchange provides information services to local authorities, public agencies, research consultancies and commercial organisations across the UK. Follow us on Twitter to see what developments in policy and practice are interesting our research team. 

If you found this article interesting, you may also like to read our other digital articles.

Science, technology and innovation: the impact of Brexit

Posted on by

Scientist working with a large cylinder-shaped piece of lab equipmentBy Steven McGinty

There have been many twists and turns in the Brexit story. The latest, has been Theresa’s May’s failed attempt to increase her parliamentary majority and gain a personal mandate for negotiating her own version of Brexit.

However, since the UK voted to leave the EU in June 2016, STEM (science, technology, engineering and maths) researchers and professionals have consistently voiced their concerns over the potential negative impacts of Brexit, particularly in areas such as funding, collaboration and skills.

Prospect – a union for 50,000 scientists, engineers and technical specialists – has made it clear that they believe:

Science is an international endeavour and continued free movement of people is vitally important both to the public interest and the wider economy.”

Their research highlights that British participation in prestigious Europe-wide research projects could be under threat, such as the mission to find the ‘oldest ice’ in Antarctica and the European Space Agency’s project to develop the most ambitious satellite Earth observation programme.

The Financial Times also highlights that British researchers have been very successful at winning important grants from the European Research Council. As a result, the UK receives 15.5% of all EU science funding – a disproportionate return on the UK’s 12% contribution to the overall EU budget.

Professor Dr Carsten Welsch, an academic from Liverpool University, underlines how essential EU funding is to his work: “in some years as much as 80% of our funding has been sourced from the EU.

Figures from technology consultancy Digital Science suggest that leaving the EU could cost UK scientists £1bn per year.

Universities UK has also investigated the wider economic impacts of EU funding in the UK. In 2016, their research found that EU funding generates more than 19,000 jobs across the UK, adding £1.86 billion to the UK economy. Later research has also shown that international students and their visitors generate £25.8 billion in gross output for the UK economy. In addition, as a single group, they add £690 million to the UK retail industry.

What do the politicians say?

With their ‘Save our Scientists’ campaign, the Liberal Democrats have been outspoken in their support for continued scientific co-operation across Europe. Their 2017 General Election manifesto stated that they would underwrite funding for British partners in EU-funded projects such as Horizon 2020 – the largest ever EU Research and Innovation programme – worth nearly €80 billion in funding. It also promised to protect and raise the science budget by inflation, and stop cuts to medical research.

But the UK government has also made efforts to lessen the concerns of STEM researchers and professionals. Similarly, Chancellor Philip Hammond has guaranteed to underwrite EU funding won by UK organisations through programmes such as Horizon 2020, even if these projects continue after Brexit. On the 17th January, Prime Minister Theresa May outlined her 12 objectives for negotiating the UK’s exit from the EU. Within this speech, she stated that:

We will welcome agreement to continue to collaborate with our European partners on major science, research and technology initiatives, for example in space exploration, clean energy and medical technologies.”

Jo Johnson, Minister of State for Universities, Science, Research and Innovation, has also tried to provide reassurance by emphasising the important role for science and innovation in the government’s industrial strategy. He has highlighted that the strategy includes £229 million of funding for a ‘world class’ materials research centre at the University of Manchester and a centre for excellence for life sciences. In addition, a new funding body will be created – UK Research and Innovation (UKRI) – which will bring together several funding councils to create a ‘loud and powerful’ voice for science.

The House of Lords Science and Technology Committee has also published a report arguing that positive steps should be taken to ensure UK science plays a significant role in the global economy. One idea put forward by the report is that:

The UK should offer to host – in partnership with governments and funding bodies from other countries – one or more new, large-scale international research facilities. This would be a bold move to signal the UK’s global standing in science.

International partners – David Johnston Research + Technology Park

At a recent innovation event in Glasgow, Carol Stewart, Business Development Manager of David Johnston Research and Technology Park, set out the thoughts of researchers and companies based at their innovative research park in Waterloo, Canada. Unsurprisingly, their key concern was restrictions on the free movement of labour, and the impact Brexit might have on the EU-Canada Comprehensive Economic and Trade Agreement (CETA).

However, Ms Stewart was positive that there would still be plenty of opportunities, noting that the UK and Canada has a relationship as part of the Commonwealth, and that London will still be regarded as a global technology hub.

Overcoming negative sentiment

One important concern is that there is widespread anecdotal evidence that EU nationals are feeling less welcome. Stories of researchers either leaving positions or citing Brexit as a reason for not taking up posts in the UK are becoming the norm. Anxieties caused by a lack of clarity over the long-term status of EU nationals and the complexities in obtaining permanent residency, can only be damaging to the UK’s reputation for international science.  As physicist and TV presenter Professor Brian Cox explains:

We have spent decades – centuries arguably – building a welcoming and open atmosphere in our universities and, crucially, presenting that image to an increasingly competitive world. We’ve been spectacularly successful; many of the world’s finest researchers and teachers have made the UK their home, in good faith. A few careless words have already damaged our carefully cultivated international reputation, however. I know of few, if any, international academics, from within or outside the EU, who are more comfortable in our country now than they were pre-referendum. This is a recipe for disaster.

With the latest election results, the UK is likely to go through a period of political instability. It will be important  that, regardless of political changes, the UK continues to exercise its role as a leader in science, technology and innovation. That not only means providing funding and facilities for research, but also rebuilding the UK’s reputation as a place where the very best scientists and innovators want to live and work.

Follow us on Twitter to see what developments in public and social policy are interesting our research team.

If you found this article interesting, you may also like to read some of our other articles:

General Data Protection Regulation (GDPR): what the public sector needs to consider

Posted on by

Graphic design image: three padlocks in front of a futuristic city.

By Steven McGinty

In March, the Information Commissioner’s Office (ICO) published the results of a survey into local government information governance as part of their preparations for the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018.

Although the ICO notes that many local authorities have good data protection policies, there are still councils where work needs to be done. The survey findings include:

  • A third of councils do not undertake Privacy Impact Assessments (PIAs)
  • 26% of councils do not have a data protection officer
  • 50% do not require data protection training before accessing systems

Under the new GDPR the above findings could constitute a breach, and result in the ICO taking action against the offending council. Recently, the ICO fined Norfolk County Council £60,000 (under the Data Protection Act) for failing to dispose of social work case files appropriately.

What impact will Brexit have on the GDPR?

The UK Government has finally triggered article 50 of the Lisbon Treaty, starting the process for leaving the European Union (EU). However, this does not mean that the UK will escape the European Commission’s GDPR. Digital minister, Matt Hancock, has confirmed that it is in the UK’s best interests to ensure the ‘uninterrupted and unhindered flow of data’, stating that the GDPR would be fully implemented into UK law, even after we leave the EU.

Is the public sector exempt from the GDPR?

There have been reports that some public sector bodies believe that they are exempt from the GDPR. This assumption is based on the regulation’s special conditions and derogations, which allow member states to restrict the GDPR’s scope to safeguard the public interest (some countries, such as Denmark, already have exemptions for public sector bodies). Additionally, fining a public sector body has also been viewed as making little sense – taking from one public sector budget and placing it in another.

However, both of these assumptions are flawed. As the GDPR has been designed to enhance the rights of EU citizens, it would be against the spirit of the regulation to introduce blanket exemptions for the public sector. And it is certainly not unheard of for regulators to fine public bodies, such as the recent Norfolk County Council case, or the Hampshire County Council case in August 2016, where the council was fined £100,000 by the ICO for leaving social care case files in a disused building.

How does the GDPR differ from the Data Protection Act?

The GDPR has been described ‘as the most important change in data privacy regulation in 20 years’, providing greater rights to citizens and harmonising data privacy laws across Europe. However, to achieve this, new requirements have been placed on organisations. These include:

  • Personal dataArticle 4(1) of the GDPR includes a broader definition of ‘personal data’ than previous legislation. It states that any information relating to an individual which can be directly or indirectly used to identify them is personal data. Specifically, it refers to ‘online identifiers’, which suggests that IP addresses and cookies may be considered personal data if they can be easily linked back to the person.
  • Privacy by designThe concept of ‘privacy by design’ is not new, but Article 23 of the GDPR makes this a legal requirement. In essence, it means that public sector bodies will have to consider data protection at the initial design stage of product development. This could involve adopting technical measures such as pseudonymisation – the technique of processing personal data in such a way that it can no longer identify a particular person.
  • Data Protection Impact Assessments (DPIAs) – As the ICO’s research highlights, a third of councils do not undertake any form of privacy impact assessment. From May 2018, public sector organisations will have to carry out DPIA’s for certain activities such as introducing new technologies and when processing presents a high risk to the rights and freedoms of individuals. In the latter case, organisations will need to consult the ICO to confirm they comply with the GDPR.
  • Appointment of a Data Protection Officer (DPO)Article 35 of the GDPR states that public bodies must have a designated Data Protection Officer. This can be an existing employee, as long as there is no conflict of interest, or a single DPO can represent a group of public sector bodies. As the ICO research suggests (26% of councils do not have a DPO), this is one of the main areas where councils need to improve.
  • Data portability– Public sector organisations must ensure that personal data is stored in a ‘structured, commonly used and machine readable form’, so that individuals can transfer data easily to other organisations. For instance, suitable formats would include CSV files.
  • Strengthening subject access rights– Individuals can now request access to their data for no cost and must be responded to within 30 days (this is a change from the Data Protection Act which requires a £10 fee and there is 40 days to respond). For complex cases, this can be extended by two months. However, individuals must be notified within one month and be provided with an explanation. These requests could prove time consuming and costly for public sector bodies, and as such, supports the case for introducing digital services that allow individuals access to their data.
  • Right to be forgotten – The right to erasure (its official name) allows individuals to ask an organisation to delete all the information held on them – although this would not apply if there was a valid reason to hold that data. This principle was established in the high profile case involving technology giant Google.
  • Failing to comply and breaching the GDPR – When there is a breach, public sector bodies will have an obligation to inform their national regulator (the ICO in England) “without undue delay and, where feasible, not later than 72 hours after having become aware of it.” These requirements could present challenges for public sector bodies, who are often engaged in providing vital public services with limited resources. However, policies will have to be introduced to ensure breaches can be reported promptly, particularly as the new penalties for data breaches are significant, with public sector bodies liable for fines of up to €10,000,000. In addition, individuals also have the right of redress and may seek compensation if they feel their rights have been breached.

What should public sector bodies be focusing on?

Although May 2018 may seem a long time away, the ICO research suggests some local councils (and the wider public sector) need to make several changes to ensure compliance with the GDPR.

Most importantly, organisations need to start reviewing the new regulation and considering how it applies to them. Evidence of a clear strategy – including the appointment of a Data Protection Officer, the use of privacy impact assessments, and staff training – will go a long way towards demonstrating an organisation’s intent to comply with the GDPR.

Follow us on Twitter to see what developments in public and social policy are interesting our research team. If you enjoyed this article, you may also be interested in: 

Scotland’s space sector: a launchpad for economic growth

Posted on by

Discovery space shuttle on launchpad

By Steven McGinty

In March, the UK Space Agency announced it had awarded £50,000 to the University of Strathclyde’s Scottish Centre for Satellite Applications (SoXSA) for its work with Glasgow City Council to attract entrepreneurs and start-ups to Glasgow’s innovation hub, Tontine.

Six companies will benefit from the support, which includes space industry specific business support, dedicated workshops and expertise, and administration and accommodation costs for two years.

The award is another sign of faith in Scotland’s burgeoning space industry, which has seen it become a global leader in the ‘New Space’ economy.

The development of New Space

The space industry, like many other technology fields, has been traditionally dominated by nation states, often in terms of national security.

But now, a new space industry is emerging, where private companies and entrepreneurs are developing innovative products and services in or for space. Reasons for this include reductions in funding to national space agencies, such as Donald Trump’s recent cuts to NASA, as well as the private sector’s success in innovation. For example, the company Space X has managed to launch rockets that had previously been into space – a practice which has been estimated to reduce the first stage of space flight from $60 million to $500,000.

Scotland’s role

Within a few miles of Glasgow’s city centre, a small number of research groups and private companies have gained international reputations for their work on space technologies.

For instance, Glasgow – a city more known for its heavy industries and shipbuilding – has found a niche in manufacturing low cost nanosatellites. This has led to Glasgow being crowned ‘Europe’s Satellite City’.

Glasgow’s first satellite company, Clydespace, has been tremendously successful over the past decade by developing CubeSats (a satellite the size of a wine bottle). These have been used in a range of missions, including UKube-1, the first mission to be commissioned by the UK Space Agency as a demonstrator for space technologies.

The city has also seen investment from Spire Global – a satellite powered data company headquartered in San Francisco. Spire’s satellites, which are used to gather data on weather, maritime, and aviation, were built by Clydespace. Peter Platzer, CEO of Spire, explains that:

We have up there about 20 satellites, all exclusively built here in Glasgow.”

Mr Platzer highlights that Scotland’s confidence in Spire was one of the reasons that they opened their European office in Glasgow’s Skypark. The company received a £1.5m Scottish government grant through the agency Scottish Development International (SDI).

Scotland’s low cost base and universities with strong interests in engineering and space technologies were also highlighted as key selling points.

Young innovators have also sought to get involved in Scotland’s space sector. For example, Tom Walkinshaw, founded Alba Orbital from his bedroom when he was unable to secure a job in the space industry. His company provides PocketQube satellites (based on a design of one or more 5cm cubes) and now employs 10 skilled employees. Alba Orbital’s first satellite, Unicorn-1, is backed by the European Space Agency and is due for launch later in the year.

In academia, the University of Glasgow’s LISA Pathfinder team won the 2016 Sir Arthur Clarke Award for “Space Achievement in Academic Research or Study”. The award was given for the team’s work on developing the Optical Bench Interferometer (OBI) for the European Space Agency’s LISA Pathfinder spacecraft – a demonstrator aimed at measuring gravitational waves in space.

The future of Scotland’s space economy

A report by London Economics investigated the potential benefits of a spaceport in Scotland.

Prestwick Airport in South Ayrshire and Machrihanish, near Campbeltown, are currently competing to win a licence from the UK Government.

London Economics have set out three main advantages to having a local spaceport:

  • Spaceport operations – The activities associated with a spaceport will lead to the direct creation of jobs in commercial spaceflight or providing satellite launches, as well as indirect benefits for local suppliers.
  • Space tourism – Tourists visiting space stations or taken part in space travel are also likely to spend money in the surrounding areas and on other attractions.
  • Space-related education – Spending will increase on research and development due to the creation of a spaceport.

Tom Millar, managing director of DiscoverSpace UK, has also stated that sending small satellites into space would be a ‘viable revenue stream’. A local spaceport would reduce the costs for Scottish satellite companies as at the moment they currently have to ‘piggyback’ onto launches with larger satellites.

The report concludes by finding that a spaceport in Scotland would increase growth from 9% to 10% of the UK’s space economy in 2030.

The implications of Brexit

The results of the 2016 EU Referendum has caused uncertainty for the Scottish space sector. For example, many companies will be concerned for the rights of EU national employees, as well as their ability to recruit from this workforce in the future.

The Financial Times has also reported that changes in terms could keep UK companies out of lucrative European space contracts, such as the €10bn Galileo satellite navigation system. The European Commission are looking to change the terms of the Galileo project so that contracts can be cancelled if a company is not based in a member state. They also require companies to pay the costs of finding a replacement. If these terms are approved, it would effectively rule out UK-based companies bidding for EU projects, which would have a negative impact on the sector’s growth.

Final thoughts

Scotland’s space sector is estimated to be worth £134 million and accounts for 18% of all UK space industry jobs. Its success has been built on a combination of government support, talented entrepreneurs, and a supply of skilled engineers.

As the industry continues to grow, there will still be an important role for government, particularly in supporting innovation centres and granting licences for UK spaceports. The promotion of STEM (science, technology, engineering and maths) subjects will also be crucial, as we look to develop a new generation of space entrepreneurs to keep us ahead of this new industrial space race.

Follow us on Twitter to see what developments in public and social policy are interesting our research team.

If you found this article interesting, you may also like to read some of our other articles:

General Data Protection Regulation (GDPR): 10 things business needs to know

Posted on by

 

European Union flag with a padlock in the centre.

By Steven McGinty

On 25 May 2018, the data protection landscape will experience its biggest change in over 20 years.  This is because the European Union’s (EU) General Data Protection Regulation (GDPR) will come into effect for all member states. The regulation, which has been described as ‘ambitious’ and ‘wide-ranging’, introduces a number of new concepts, including the high profile ‘right to be forgotten’ – a principle established in a case involving technology giant Google.

Below we’ve highlighted ten of the most important points for business.

Directly effective

The GDPR is ‘directly effective’, which means that the regulation becomes law without the need for additional domestic legislation (replacing the Data Protection Act 1998). However, member states have also been given scope to introduce their own legislation on matters such as the processing of personal data. This may result in some EU states having more stringent rules than others.

Sharing data and monitoring

It also seeks to increase the reach of EU data protection law. Not only will EU-based data controllers and processors fall under the scope of the GDPR, but its authority will also extend to any business which either processes personal data or monitors the behaviour of individuals within the EU.

This will impact businesses who transfer data outside the European Economic Area (EEA). It will be their responsibility to ensure that the country the data is being transferred to has adequate levels of data protection. The most prominent example of this issue was the US Safe Harbour scheme, which was intended to protect European individuals whose personal data is transferred between the EEA and the USA. In 2015, the European Court of Justice ruled that this scheme had ceased to provide a valid legal basis for EEA-US transfers of all types of personal data. It has now been replaced by the Privacy Shield.

Transparency and consent

Greater obligations have been placed on business with regard both to seeking consent for use of personal data and providing detailed information to individuals on how their personal data is being used. The GDPR requires that consent notices are ‘unambiguous’ – not assumed from a person’s failure to respond – and that consent is sought for different processing activities. Law firm, Allen and Overy recommends that businesses review their notices to ensure they are fit for purpose.

Personal data/ sensitive data

Article 4(1) of the GDPR includes a broader definition of ‘personal data’ than previous legislation. It states that any information relating to an individual which can be directly or indirectly used to identify them is personal data. Specifically, it refers to ‘online identifiers’, which suggests that IP addresses and cookies may be considered personal data if they can be easily linked back to the person.

Enhanced rights

New rights and the enhancement of existing rights will require some businesses to improve the way their data is stored and managed. These rights include:

  • Data portability – Business must ensure that individuals can have easy access to their personal data in case they want to transfer their data to other systems.
  • Strengthening subject access rights – Individuals can now request access to their data for no cost and it must be responded to within 30 days (this is a change from the current legislation which requires a £10 fee and there is 40 days to respond).
  • Right to be forgotten – Individuals can request that an organisation delete all the information they hold on them (although this would not apply if there was a valid reason to hold that data).
  • Right to object to processing – Individuals have the right to object to the way an organisation is processing their data.
  • Right to restrict processing – Individuals have the right to request that the processing of personal data is temporarily stopped. This may be invoked whilst a right to object request is being investigated.

Personal data breach

Businesses have an obligation to report breaches to their national regulator, such as the Information Commissioners Office (ICO) in England.  The GDPR requires that notice must be provided “without undue delay and, where feasible, not later than 72 hours after having become aware of it.” This may be challenging for some businesses, particularly if the incident is discovered at the end of the working week.

Failure to comply with GDPR

The regulation introduces two levels of fines. Less serious offences under the regulation will be liable for a fine of up to €10,000,000 or 2% of global turnover – depending on which is highest. However, for more serious breaches, such as a breach of an individual’s rights or a breach during international transfers, a business may be held liable for up to €20,000,000 or 4% of global turnover.

In addition, individuals are also given the right of redress, and those who have had their rights violated may seek to receive compensation. This has led digital marketers to suggest that GDPR could be the next PPI – a practice where insurance was mis-sold to customers, which resulted in a large number of successful claims against financial institutions.

Privacy by design

Technology businesses should also consider data protection at the initial design stage of product development. This could involve adopting technical measures such as pseudonymisation – the technique of processing personal data in such a way that it can no longer identify a particular person. Additional measures, such as policies and programmes, would also show a national regulator’s commitment to compliance with the GDPR.

European Data Protection Board (EDPB)

A new body has been created to issue opinions and to arbitrate between disputes that arise with national regulators.  The board will be made up of heads of national regulatory bodies (or their representatives) and the European Data Protection Supervisor (EDPS), who govern the data processing activities of EU institutions. The opinions expressed by this board may have important implications for data protection legislation.

Impact of Brexit

Evidence suggests some businesses may be delaying taking action until they see the results of the Brexit negotiations. This possibly explains the research by cloud security firm, Netskope, which found that 63% of UK workers have never heard of the GDPR. Similarly, research by Veritas Technologies, a leading information management firm, has found that 54% of organisations have not ensured they will comply with the new GDPR.

However, it would be very surprising if the UK did not ‘mirror’ the protections offered by the regulation, particularly considering the UK’s significant input to the new legislation. Digital minister Matt Hancock has also confirmed that the UK government intends to fully implement the GDPR.

Final thoughts

If businesses already have policy and procedures in place to meet the requirements of the Data Protection Act, then they should have a solid foundation to comply with the GDPR. In many ways, the new regulation simply provides a clear framework for delivering good practice in data protection.

However, all businesses will need to take action to ensure compliance with the GDPR. Otherwise, the financial penalties (as well as reputational damage) of a breach could have serious consequences for their business. And this is not just an IT issue. The whole organisation, starting from board level, must show a willingness to understand the legislation and implement procedures that protect the fundamental rights of individuals.

Follow us on Twitter to see what developments in public and social policy are interesting our research team. If you found this article interesting, you may also like to read our other data-related articles