Data Protection in the UK takes centre stage

With the introduction of the second draft of the Data Protection and Digital Information Bill, earlier this month, along with fresh data breach guidance coming out of Europe, British businesses find themselves under increasing pressure to step up their commitment to meeting data regulatory requirements both at home and abroad.

In the latest Data Protection Index. Data protection experts in the UK rated what they believe will be their organisations’ biggest GDPR compliance challenges over the next twelve-month period:

• The most significant change in respondents’ attitudes this quarter relates to AI and machine learning. 14% of respondents identified this as their organisation’s biggest GDPR compliance challenge (up 7% from the last quarter).

• The second biggest GDPR compliance challenge identified by respondents through the survey was "international data transfers", with 15% of respondents identifying this as their organisations’ top GDPR compliance challenge.

• 8% of respondents chose "handling individuals’ rights requests" as their organisations’ biggest GDPR compliance, the highest recorded score since the survey began back in Q3 2020.

Rob Masson "This quarter's panel results were collected prior to the announcement of the UK Data Protection and Digital Information Bill (2), giving us unique insight into the sector’s views prior to its release and dissection.

It is a concern to see our panel members now expect to see their organisation’s budget for data protection stagnate during 2023. Particularly when the introduction of the new Bill requires the continued maintenance of the current, and in some areas, higher, compliance standards.  Additionally, businesses processing personal data on both EU and UK residents will soon need to navigate two separate privacy regimes, and therefore likely subject to increased compliance costs. 

This quarter’s results reveal that data retention, international data transfers, and AI and machine learning are the key compliance challenges.  It therefore appears clear that 2023 is going to be just as interesting and challenging for the industry to traverse, as the previous almost 5 years have been since the GDPR came into force.”

In addition, the results of the DP Index reveal what data protection experts see as their organisations’ biggest data protection compliance issues:

• Privacy experts were least confident in their organisations’ compliance with data retention requirements, with just 23% of them scoring 8 or above in this area.

• Over the last four quarters, confidence in their organisations' compliance with data retention requirements has declined.

• This quarter, respondents were most confident in their organisations’ compliance with the policies and procedures, with 77% of respondents scoring their organisation 8 or above in each category.

• The confidence in vendor compliance with due diligence has fallen significantly since the last quarter (down 5% from the last quarter and 10% from its Q1 2021 high).

Nick James, Founder, Data Protection World Forum, commented, "Data protection officers are on the frontlines of data evolution. It’s never been more important to take in their views to help us understand business priorities, how regulatory changes affect corporate needs, and how data subjects’ expectations are shifting."

Notes to Editors

The DPO Centre is the UK’s leading independent data protection officer resource centre, offering expert advice and ensuring organisations have access to the level of knowledge and expertise they require to comply with the highest standards of privacy and data protection.
Follow The DPO Centre on LinkedIn
For an interview with CEO, Rob Masson contact Louise Ahuja

Survey details

Since the Data Protection Index launched in July 2020, 564 DPOs from across every part of the UK have taken part.

UK Data Protection Index - Outsourced Data Protection Officers GDPR and Data Protection Compliance (

Attached Media

About The DPO Centre

Founded in 2017 by Rob Masson, The DPO Centre is the UK’s leading independent data protection resource centre, offering expert advice and ensuring organisations have access to the level of knowledge and expertise they require to comply with the highest standards of privacy and data protection.  Follow the DPO Centre on LinkedIn The DPO Centre’s services include: • Providing outsourced Data Protection Officers on a ‘fractional’ basis (so 1 to 8 days per month) that become integral and trusted members of the client’s team • Interim and overflow resources to support and extend existing compliance teams • EU and UK representation as required by Article 27 of the GDPR • and a full range of privacy and data protection consultancy and training services to companies across all sectors in the UK.