In November BCS ran an explainer for Schrems II – now we are looking at the adequacy of UK as a location as the status of the UK’s trade deals will have implications for data flows. In recent days have seen a new chamber of commerce piece from the US, we have clearer guidelines on international data flows to US and other Third Countries and published templates for contracts (Standard Contractual Clauses). How can they be implemented? What are the implications for your business? The UK as a third country: what will it mean to business in the UK, the EU and worldwide?
Host:
Adam Leon Smith
Adam is Chief Technology Officer and Data Protection Officer of Dragonfly, a UK/European consultancy, training and products. He is the current Chair of the BCS SIGIST. In his past, Adam has held senior roles at multinational financial services institutions, as well as ambitious start-ups. He is very active in ISO/IECs technical standardisation community. Adam is a Fellow of the British Computer Society, and ForHumanity, an independent oversight body auditing the use of AI and contact tracing technology. He is a regular speaker at conferences and a resident podcaster for the Ministry of Testing.
Panellists:
Chiara Rustici
Chiara is an independent academic and data regulation analyst. Formerly a research fellow with Italy's CNR, teaching fellow in Jurisprudence at the University of Genoa, and research scholar at the Universities of Milan and Edinburgh, she Chairs the BCS Law Specialist Group and is part of the BCS governance team with the PPP committee. She sits on the editorial board of the Journals Frontiers in Blockchain and Journal of Data Protection and Privacy and has published extensively on legal reasoning for academic publishers Computer Law Review International, Journal of Data Protection and Privacy, Bloomberg, O'Reilly books, Ragion Pratica, Contemporary Political Theory. In 2019 she was recognised by her peers in the inaugural DPO200 list compiled by the GDPR Institute as one of the ‘individuals who have made significant contributions to the privacy and security sectors’.
Owen Sayers
Owen is Senior Partner at Secon Solutions LLP. He is an Enterprise Architect with a security focus and is experienced in the delivery and architecture of large national systems and networks servicing the UK law enforcement community. He was involved in the original 2009 UK government ‘G Cloud’ initiative to build a government specific cloud landscape, and in creating standards and governance material for the original CESG Pan Government Cloud Accreditation model. Since UK government moved towards adoption of a generally Public cloud landscape he has tried to reconcile HMG Policy and applicable legislation with those commodity solutions; whilst specifying, designing and delivering private and community cloud solutions for high value government consumers who are unwilling, or unable, to adopt public cloud solutions. Owen has been involved in privacy and data protection issues since the implementation of the DPA 1998 and since 2018 has been active in trying to explain and support the adoption of the DPA 2018 Part 3 provisions for Law Enforcement Competent Authorities, in parallel with GDPR.
Discussion outline:
- It’s not just about the US – India and Australia (alongside the UK) also have DP regimes that don’t align well with Schrems.
- Brexit and Standard Contractual Clauses (SCCs) when dealing with a third country: will parallel instruments be needed by the UK?
- How will the UK public sector deal with data transfers? (Background – the data protection implications of the recent UK government cloud deal tender and UK’s relationships with AWS and MS for public cloud services
- Use cases – what about an organisation that has cross-border staffing – with common data processing based in one country?
- Looking at your organisational data flows – what do you need to know? It’s not just the sending of data – it’s about volumes and throughput measures.
- How easy is it to be compliant to Schrems II and can you reduce your vulnerability?
- What are the implications for encryption?
Audience Q&A - 15 minutes