Surveys and consultations are vital to the ongoing development of policy and transparency in decision making across the public sector. However, many organisations are unaware that the software they use to collect feedback stores that data outside the UK. This makes it subject to the laws of the host country and accessible by third parties, heightening the risk of a non-compliance incident.
Be mindful of your data flows
Exacerbating this situation, post GDPR, is the responsibility organisations have for ensuring that the transfer of data flowing from other countries to the UK and vice versa is lawful; those that fail to do so potentially face a significant fine. This issue of where data is stored and accessed from is causing increasing nervousness, particularly with the ongoing uncertainty about exactly how the UK’s data laws will look following Brexit. For more detail about data flows, transfer rules and how best-in-class providers can help simplify this process, why not have a read of our ‘Brexit & Data Protection: Deal Vs No Deal’ blog.
Given all the attention currently focused on how our future relationship with the EU will look post Brexit, it’s important not to lose sight of other essential legislation you need to be adhering to, most notably GDPR. For surveys and consultations, it’s critical that you’re fully up to speed with all the consent and compliance issues surrounding the collection of data and responses from your survey respondents. If you need more information to help you with this, you might like to read our ‘Data Collection in The GDPR World Using Consent & Legitimate Interests’ blog piece. For both issues, the financial implications of non-compliance are alarming, which is why public sector organisations are doing everything they can to minimise data risk and maximise security.
Security of personal data is also crucial
These concerns also extend to any providers an organisation may be working with, particularly with regard to the systems and processes a provider has in place for managing their data. The biggest worry here is how this relates to the security of personal data, essentially any data that could unequivocally identify an individual person. We discuss the implications of this in more detail in our ‘Data Security and Personal Data’ blog, as well as revealing how to identify a best-in-class provider who can offer the high levels of data security assurances required to protect you from this.
To help address the issues we’ve outlined, growing numbers of organisations are looking towards UK software providers to offer assurances that their data will be hosted on UK servers and that they will be supported by a completely UK-based workforce. Post Brexit, this reduces many compliance risks surrounding data flow and transfer, and the threat of data access by foreign third parties.
How to ensure your data security and compliance
If you’re trying to find a new software provider to help you with data security and compliance, but don’t know what you should be looking for to identify the best provider for your needs, you might like to take a look at our ‘Guide to data security & compliance when choosing a software vendor’ eBook.
With much uncertainty still surrounding the future, prudent organisations are already safeguarding their operational continuity and financial security by partnering with UK vendors to ensure data processing, collection and storage processes remain compliant with GDPR and future UK laws following Britain’s departure from the EU.