During my attendance at this year’s Big Data 2022 conference, a crucial topic that was raised was the status of the UK and EU data protection landscape. The world of data protection is known for its continuous adaptation in its laws and regulations. For some, this dynamic makes it difficult to keep up.
Nathan Onojeghuo
Data Protection Executive
Guest speakers Tudor Galos and Marco Barone shared their knowledge on the regulatory changes that have taken place in the UK and the EU:
Data Protection Bill Delay
The Data Protection Bill is the centrepiece of the UK’s initiative to reform the data landscape following Brexit. This bill is intended to not only establish more independence from the EU regulations but to boost the economy.
The government has projected that UK businesses will save over £1b over a ten-year span once the bill is established. This is positive news for smaller businesses and industries who currently struggle to uphold elements such as personal data processing and online consent tracking.
However, it was announced that the UK government have had to delay the establishment of the bill. This was due to Liz Truss’ appointment as Prime Minister in September 2022 and her change in government. And then the change in leadership again as Rishi Sunak was appointed new PM.
For the time being, there will be a sense of continuity as the UK follow the GDPR and data protection regulations. But it can be inferred from the tech industry leaders conference in September 2021 that Sunak is in favour of a data protection reform.
Sunak stated that the GDPR is “not necessary” and referred back to countries such as Japan, Switzerland and Canada who are able to comfortably operate outside the scope of GDPR regulations. It can therefore be suggested that the UK will one day find itself reinitiating the Data Protection Bill under Sunak’s leadership.
International Transfers
The EU has always aimed to establish a unified approach to laws and regulations, reflected in the Treaty of Rome (1957) which succeeded in establishing a harmonised legislative approach for all EU member states.
However, the recent increase in the world’s data economy has resulted in division in data protection laws from countries deciding to adopt their own regulations. This is for example the case with China, as they possess regulations that deviate from those of the EU.
For now, businesses should be made aware of the use of safeguards that can initiate cross-border data transfers with countries outside of the EU and the EEA. This can be done so through the use of Standard Contractual Clauses and binding corporate rules that will help companies in the process of international data transfers.
3 things businesses can do to keep pace
Companies are left wondering what they can do internally to anticipate change. Tudor and Marco answered just that…
1. Data flows
With an increase of data usage, its crucial to track the location and flow of data. To protect this processing, it can be advised that Records of Processing Activities (RoPA’S) are maintained throughout a company. This involves noting the processes that take place in each department and to keep it updated in the case of any new or discontinued processes. Additionally, the use of data mapping is a beneficial tool to create a visual image of where data is collected from, where it is stored and how it is used.
2. Sub-processing
When involving third parties in your company processing, ensuring that the sub-processor maintains a correct standard of data protection compliance is key. When entrusting another party with your data, it is important to verify that the data is handled correctly. This can be done through regular or annual due diligence checks with the third party to make sure their data protection practices are in line with your own.
3. Policy management
Data protection is a regulation that should be followed by all members of staff in a company. To guarantee that everyone is made aware of the rules of data protection, a data protection policy should be established. This is to ensure staff members are being educated with data protection rules and to create a level of transparency. Policy management can lay this foundation through a focus on privacy, data breach and security.
To see how All Response Media protects data, see our privacy policy to find out more.
FEATURED READS
Contact us
All Respnse Media are a Top 15 UK Advertising Agency. Find out how our teams across London, Leeds and Amsterdam combine data science with digital and offline advertising to expand your business.
ALL RESPONSE MEDIA SERVICES