Brexit: Information Security Professionals Not Too Concerned


Manish Sood, Reltio CEO was asked to provide his perspective on what companies should do regarding their data management strategy in the event of a Brexit. The following is an excerpt of the article. The full article is available at

Manish Sood, CEO of data management firm Reltio said the good news is that companies have time to plan for Brexit.

Manish Sood Reltio CEO

“But the key now is ensuring that they are agile with their data management and privacy protection strategies,” he said, especially in the light of the GDPR that will come into force in 2018, which could be a year or more before the UK actually leaves the EU.

This means UK companies will have to comply with the GDPR in the short term as EU companies, but even when the UK does leave the EU, the GDPR will still apply for any UK companies doing business with the EU or handling the personal information of EU citizens.

“The GDPR has strong requirements around the accountability of businesses to demonstrate compliance, including privacy impact assessments, in which the risks to an individual during the use of that data must be detailed,” said Sood.

The GDPR also has strong requirements around data erasure, also known as “the right to be forgotten,” meaning removing any historical activities made by individuals captured as part of their digital activities, around profiling, which relates to the need to obtain permission from individuals before any of their profile data is used to evaluate their behavior, and around data breach notifications that dictate the minimum acceptable time periods upon which individuals or organisations must be notified when profiles containing their data is compromised.

“Data privacy and protection laws are becoming increasingly stringent, and are slowly catching up to the wealth of data being captured and used in the digital age,” said Sood.