The latest UK Data Protection Index results out today provide insight from Data Protection Officers (DPOs) on the big privacy and data protection issues facing UK and international businesses.
This quarter saw some of the most significant developments in UK data protection, including the introduction of legislation to overhaul UK data protection law and the ICO’s publication of its new strategic plan (ICO25).
One of the biggest unknowns is the outcome of the Department of Digital, Culture, Media and Sport (DCMS)’s consultation, Data: A New Direction.
Although the new UK Data Protection and Digital Information Bill was introduced to Parliament, its second reading has been postponed following election of the new Prime Minister; further adding to the uncertainty.
The DCMS consultation has had a mixed reaction from privacy experts. 81% of UK data experts indicated that the proposal to remove the current requirement on certain organisations to appoint a DPO and instead only designate a “suitable senior individual” to oversee the organisation’s privacy management programme will not be in the best interests of the data subjects (which includes customers, employees and suppliers).
In addition, 69% of the panel indicated that they think it won’t save money (being much of the justification presented by DCMS) and 82% indicate that they do not expect the new regime will simplify privacy management.
Rob Masson, CEO, The DPO Centre said, “The DCMS consultation on data protection is continuing to cause confusion and, until more guidance is published on what these changes will mean for businesses, it is likely to remain that way. I would hope the new prime minister will listen to the industry that has been working hard to make the UK a world leader in data protection.
“My concern is that organisations will try to change before the new framework is in place. Organisations need to understand that any regulatory change is unlikely to be realised for many months, or even years from now. Therefore, businesses should be mindful of the fact that, for the foreseeable future, the UK GDPR as it stands still applies.”
The Index also highlights that a third (31 per cent) of companies in the UK are in the process or have already removed Google Analytics from their website following complaints from the campaign group noyb (None of Your Business). The decision comes from the Austrian and French data protection regulators, who both deemed the use of Google Analytics a violation of the GDPR’s data transfer rules by sending personal data to the U.S.
The DP Index asks data protection and privacy experts to identify the issues they see as their organisations’ biggest GDPR compliance challenge over the next 12 months. Whilst Data Retention is the biggest challenge (28%) it is AI, Machine learning and data ethics which is becoming the fastest growing challenge. In the past year, concern has grown three fold, from 4% to 12%.
Masson added, “It is interesting to note that AI regulation is the fastest growing challenge facing many organisations. Over 60 per cent of UK organisations already use or are planning to use AI in the near future according to a DCMS survey.
“This means an increased use of personal data due to the training of some AI systems relying on personal data to be able to work effectively. Like any technology that uses personal data, companies using AI systems will have to follow the rules laid down in data protection legislation.”
The full report of the latest UK Data Protection Index survey is available at https://www.dpocentre.com/resources/uk-data-protection-index/