Data Protection and Digital Information Bill is heading in the wrong direction says data protection experts

1 year ago

The latest UK Data Protection Index results out today provide insight from Data Protection Officers (DPOs) on the big privacy and data protection issues facing UK and international businesses.

This quarter saw some of the most significant developments in UK data protection, including the introduction of legislation to overhaul UK data protection law and the ICO’s publication of its new strategic plan (ICO25). One of the biggest unknowns is the outcome of the Department of Digital, Culture, Media and Sport (DCMS)’s consultation, Data: A New Direction. Although the new UK Data Protection and Digital Information Bill was introduced to Parliament, its second reading has been postponed following election of the new Prime Minister; further adding to the uncertainty.

The DCMS consultation has had a mixed reaction from privacy experts. 81% of UK data experts indicated that the proposal to remove the current requirement on certain organisations to appoint a DPO and instead only designate a “suitable senior individual” to oversee the organisation’s privacy management programme will not be in the best interests of the data subjects (which includes customers, employees and suppliers). In addition, 69% of the panel indicated that they think it won’t save money (being much of the justification presented by DCMS) and 82% indicate that they do not expect the new regime will simplify privacy management.

Rob Masson, CEO, The DPO Centre “The DCMS consultation on data protection is continuing to cause confusion and, until more guidance is published on what these changes will mean for businesses, it is likely to remain that way.  I would hope the new prime minister will listen to the industry that has been working hard to make the UK a world leader in data protection.

“My concern is that organisations will try to change before the new framework is in place. Organisations need to understand that any regulatory change is unlikely to be realised for many months, or even years from now. Therefore, businesses should be mindful of the fact that, for the foreseeable future, the UK GDPR as it stands still applies.”

The Index also highlights that a third (31 per cent) of companies in the UK are in the process or have already removed Google Analytics from their website following complaints from the campaign group noyb (None of Your Business). The decision comes from the Austrian and French data protection regulators, who both deemed the use of Google Analytics a violation of the GDPR’s data transfer rules by sending personal data to the U.S.

The DP Index asks data protection and privacy experts to identify the issues they see as their organisations’ biggest GDPR compliance challenge over the next 12 months. Whilst Data Retention is the biggest challenge (28%) it is AI, Machine learning and data ethics which is becoming the fastest growing challenge. In the past year, concern has grown three fold, from 4% to 12%.

Rob Masson, CEO, The DPO Centre continued, “It is interesting to note that AI regulation is the fastest growing challenge facing many organisations. Over 60 per cent of UK organisations already use or are planning to use AI in the near future according to a DCMS survey1.

“This means an increased use of personal data due to the training of some AI systems relying on personal data to be able to work effectively. Like any technology that uses personal data, companies using AI systems will have to follow the rules laid down in data protection legislation.”

The full report of the latest UK Data Protection Index survey is available at https://www.dpocentre.com/resources/uk-data-protection-index/

Notes to Editors

The DPO Centre is the UK’s leading independent data protection officer resource centre, offering expert advice and ensuring organisations have access to the level of knowledge and expertise they require to comply with the highest standards of privacy and data protection.    



Follow The DPO Centre on LinkedIn https://www.linkedin.com/company/dpo-centre/  



For an interview with CEO, Rob Masson contact Louise Ahuja la@dpocentre.com 

  

Survey details 



Since the Data Protection Index launched in July 2020, the panel has grown to now include 523 DPOs, representing every region of the UK.

Over 50% of respondents are from London and the South East of England. 5% are from Scotland, 1.3% from Northern Ireland and 2.9% from Wales.

More than three-quarters of the DPOs (76.9%) are full-time, in-house employees. 15.1% are consultants or outsourced, and 6.1% are employed in-house on a part-time basis.

Nearly a quarter (24.5%) of respondents work for companies with between 1,001-5,000 employees. However, all sizes of companies are represented, from firms with just 10 employees or less (6%) to businesses with a 10,000+ workforce (13.8%).

Attached Media

About The DPO Centre

Founded in 2017 by Rob Masson, The DPO Centre is the UK’s leading independent data protection resource centre, offering expert advice and ensuring organisations have access to the level of knowledge and expertise they require to comply with the highest standards of privacy and data protection.  Follow the DPO Centre on LinkedIn https://www.linkedin.com/company/dpo-centre/ The DPO Centre’s services include: • Providing outsourced Data Protection Officers on a ‘fractional’ basis (so 1 to 8 days per month) that become integral and trusted members of the client’s team • Interim and overflow resources to support and extend existing compliance teams • EU and UK representation as required by Article 27 of the GDPR • and a full range of privacy and data protection consultancy and training services to companies across all sectors in the UK.