Two years prior to the introduction of the GDPR, I realised it would be vital for organisations to understand their exposure to data and privacy risk given it impacts every part of their business from employees to clients, partners and regulatory authorities not to mention their reputation. And so in 2017 I founded The DPO Centre Ltd.
The DPO Centre is now the UK’s market leading independent data protection company, employing the largest team of permanently employed data protection officers (DPO) available. We offer expert advice and proactive resources to ensure organisations have access to the level of knowledge and expertise required to comply with the highest standards of privacy and data protection. Data protection is currently one of the fastest growing areas of business in the UK.
So what are the big privacy and data issues facing the UK in 2022?
• The ongoing impact of COVID
In the UK many companies are now asking employees to head back into the office. However, hybrid working is now the ‘new normal’ for many office-based workers and that means data processing is occurring out of secured office environments. This makes it much harder to apply the appropriate ‘technical and organisational measures’ that the law demands and complicates organisations’ ability to respond appropriately to individuals’ rights requests, like Data Subject Access Requests (DSARs).
The pandemic also created issues such as the UK government’s decision to develop their ‘Track and Trace’ app using a centralised, rather than de-centralised approach to data processing. This highlighted all manner of privacy-related issues in the mainstream news, significantly raising the profile and importance of data protection in the eyes of the public. It also forced organisations to focus their attention on data protection relating to their industries, something that would have otherwise just passed by. The knock-on effect of data protection being pushed into mainstream understanding and acceptance will be felt throughout 2022 and beyond.
• The UK’s data protection landscape
A government consultation on data protection that took place late in 2021 included proposals which showed a clear intention to diverge away, quite significantly in certain areas, from the EU’s regime. The two areas in which this is most true are regarding international data transfers and accountability requirements.
In terms of data transfers, the UK government has made its intentions clear that it wants to significantly broaden the number of countries awarded ‘adequacy’ (meaning personal data can flow more freely between the two jurisdictions), as well as the number of alternative transfer mechanisms available for businesses.
Overall, although nothing from the consultation is set in stone yet, it is clear many of the proposals, if written into UK law, would detrimentally impact the chances of the UK retaining its own ’adequate’ status with the EU when reviewed in four years’ time (or before).
• AI and privacy issues
Although AI and machine learning has been around for some time now, its use has really taken off over recent years. More and more of our clients are now leveraging AI and as it becomes more prevalent, so do the data protection considerations involved. Furthermore, AI presents far more complex data protection issues due to the inherent lack of transparency of algorithms and the increase in automated decision making, so how these risks are managed will be interesting to see, particularly as the UK has now set itself the goal of becoming an ‘AI global superpower’. It remains to be seen how far individuals’ data protection rights will be compromised in pursuit of this goal.
• Responsible innovation
The public are more aware of their privacy rights than ever before, and they are far less likely to tolerate the misuse of their personal data. They are also becoming more willing to enforce their rights against organisations, a trend that will only continue to grow into 2022 and beyond.
Data protection law is there to ensure that innovation occurs responsibly and respectfully, which is especially important with AI due to just how integrated it is becoming in our everyday lives and the types of decisions made about people that it is becoming increasingly involved in.
The key differentiator in the future will be those organisations that implement innovation responsibly. Doing so will build trust, loyalty and engagement between the organisation and their customers and stakeholders and will set them apart in an ever-competitive global market.