Uncertainty over data protection and privacy plans for 2023

The latest Data Protection Index results, out today, provide insight into the big privacy and data protection issues facing UK and international businesses, according to Data Protection Officers (DPOs).

The latest index reveals that the majority of data protection and privacy experts (51%) predict that the current UK government will continue with the current data protection reforms as per the consultation that began under the Johnson government. The second-most popular prediction was that the UK would “revert back to UK GDPR” (27%). Around 15% of respondents believe that a “complete rewrite” of the law is likely, with the remaining 7% predicting “something else”. The UK is in the process of reforming its data protection law, with the current government offering a smaller-scale consultation to see how stakeholders and organisations view the plans.

Rob Masson, CEO of The DPO Centre, stated: “The DCMS consultation on data protection is continuing to cause confusion. Since the last Data Protection Index, there have been two changes in Prime Minister, leading to some uncertainty regarding the direction of these planned reforms. My concern is that organisations need to understand that any regulatory change is unlikely to be realised for many months, or even years from now. Therefore, businesses should be mindful of the fact that, for the foreseeable future, the UK GDPR as it stands still applies.”

The index asks DPOs which issues they see as their organisations’ biggest compliance challenge over the next 12-month period:

This quarter, “data retention” again ranked as the biggest GDPR compliance concern, with 29% of respondents identifying it as their organisations’ top compliance challenge for the next 12 months (up 1 percentage point since last quarter).

The second biggest GDPR compliance challenge identified by respondents was “international data transfers”, with 18% of respondents identifying this as their organisations’ top compliance challenge.

For the fourth quarter running, no respondents identified COVID-19 as their biggest compliance challenge, aligning with the relaxation of the requirement to document COVID-19 cases.

This quarter, The DPO Centre asked respondents for their views on the European Data Protection Board’s (EDPB) October Guidelines on personal data breaches under GDPR, and whether the respondents thought the new requirement ‘to notify personal data breaches to every single authority’ would be problematic for their organisation. 36% of the respondents scored it an 8 or above. This generally reflects the concerns raised online by the wider data protection community and the worries about the effect this could have on businesses. It is worth noting, however, that 11% of respondents stated that the EDPB’s guidance would be “not at all problematic”.

Finally, privacy and data protection experts were set a malware encryption attack scenario with a ransom for the return of access. The proportion of respondents answering “yes” to the question “would your organisation pay the ransom?” fell significantly this quarter, from 26% to 17%, likely suggesting a hardening position amongst companies regarding cyberattacks.

Notes to Editors

The DPO Centre is the UK’s leading independent data protection officer resource centre, offering expert advice and ensuring organisations have access to the level of knowledge and expertise they require to comply with the highest standards of privacy and data protection.
Follow The DPO Centre on LinkedIn: https://www.linkedin.com/company/dpo-centre/
For an interview with CEO Rob Masson, contact Louise Ahuja: la@dpocentre.com

Survey details
Since the Data Protection Index launched in July 2020, 533 DPOs from across every part of the UK have taken part.


About The DPO Centre

Founded in 2017 by Rob Masson, The DPO Centre is the UK’s leading independent data protection resource centre, offering expert advice and ensuring organisations have access to the level of knowledge and expertise they require to comply with the highest standards of privacy and data protection.

The DPO Centre’s services include:
• Providing outsourced Data Protection Officers on a ‘fractional’ basis (so 1 to 8 days per month) that become integral and trusted members of the client’s team
• Interim and overflow resources to support and extend existing compliance teams
• EU and UK representation as required by Article 27 of the GDPR
• A full range of privacy and data protection consultancy and training services to companies across all sectors in the UK