I saw this tweet (HT Ian Brown), and Douwe highlights the failure of Dropbox to properly document its data protection statements on their website. I’d add for a business that is in the business of document management this is pretty poor.
I then tabbed over to the UK information commissioner’s website to have a look at the guidance they provide for Brexit. See here. This comment about HR systems jumped out at me.
Whatever your personal political position is on brexit, with a no-deal becoming a very real possibility at the end of October, HR departments and HR vendors need to get their contingency planning in order now.
If I were the head of HR of any organization with dealings with the UK, I would be asking for a plan from IT for HR systems under a no-deal brexit on my desk by the end of this week. I’d demand a statement from all the vendors the organization works with about their plans for Brexit.
If you have staff in the UK providing support on your EU systems, you will need to make sure they can. You may well need to draw up contracts between subsidiaries and head office, so your lawyers had better get on it.
Vendors had at least 2 years to prepare for GDPR, and many still don’t really have their act in order. A no-deal brexit would create a whole new level of disruption. Vendors that host and support the EU from the UK will need a plan quickly, but this will impact pretty much every HRTECH vendor doing business in the UK. For US vendors that rely on the Data Shield, at a minimum you will need to update your policies to account for Brexit (see ICO guide).
While the obvious image of a no-deal Brexit is queues at the port of Dover, Port 80 is going to be a whole lot messier. I’m thinking of a red bus metaphor, but give me a while…
(Cross-posted @ Otter Advisory)