International Data Transfers are the biggest challenge for privacy laws. Latest results of UK Data Protection Index
International data transfers are now seen as the biggest challenge when trying to comply with the GDPR according to one in five data protection experts in the latest quarterly Data Protection Index. This is up by a third from November 2020 and a five-fold increase from July 2020.
The UK Data Protection Index, developed by The DPO Centre (Outsourced GDPR & Data Protection Compliance | DPO Centre) and Data Protection World Forum, is one of the largest surveys of UK data protection and privacy professionals. The latest findings reveal that companies are grappling with international data transfers which have leapfrogged the previous most cited issue of accountability and demonstrating compliance. However, they remain a major concern, cited by 17 per cent of data protection officers (DPOs).
Rob Masson, CEO, The DPO Centre commented “The DP Index highlights the ongoing challenges in privacy and data protection and changing attitudes following the end of the Brexit transition period and the Schrems II decision. We don’t expect the challenges to be resolved anytime soon. However, the UK has an opportunity to create a strong data infrastructure; with a high level of regulatory compliance, along with developing a data-literate workforce, and increasing the number of people with advanced data skills.”
The Index highlights that DPOs increasingly believe that the UK's data laws are more advanced than other countries. The average score has increased for the second quarter running and is now 7.55 out of ten (an increase from 7.32 in November 2020 and 7.12 last July 2020).
At the same time Brexit has dropped down the list of concerns with only 19 per cent of DPOs now saying Brexit will have a major impact on their organisation’s data compliance requirements, down from 32 per cent in November last year. This is likely to be because the majority of DPOs (74%) believe the EU will confirm the UK’s draft adequacy decision in the near future.
The Index provides further insight on expected budgets and spending priorities. Respondents said they expect their organisation’s data protection budget to increase 10 per cent over the next 12 months. This is double the expected increase of five per cent that panellists indicated in the last Index poll in November and suggests there is optimism that companies will be investing more into data protection.
84 per cent of panelists believe the role of data protection officer should become a protected title with minimum qualification requirements, up from 80% in November. This does however raise further questions around who would oversee and regulate this requirement.
David Smith, Data Protection Officer, The DPO Centre commented “As a sector we need to agree what level of technical and legal expertise would form the core of a data protection qualification.”