The UK is in the process of reforming its data protection law, but there is much uncertainty over data protection and privacy plans as the UK heads into 2023, according to the latest Data Protection Index results.
The majority of data protection and privacy experts (51%) predict that the current UK government will continue with the current data protection reforms as per the consultation that began under the Johnson government. The second-most popular prediction was that the UK would “revert back to UK GDPR” (27%), while around 15% of respondents believe that a “complete rewrite” of the law is likely.
Rob Masson, CEO of The DPO Centre, said: “The DCMS consultation on data protection is continuing to cause confusion. Since the last Data Protection Index, there have been two changes in Prime Minister, leading to some uncertainty regarding the direction of these planned reforms.”
The index also asked DPOs which issues they saw as their organisations’ biggest compliance challenge over the next 12-month period. This quarter, “data retention” again ranked as the biggest GDPR compliance concern, with 29% of respondents identifying it as their organisations’ top compliance challenge for the next 12 months. The second biggest GDPR compliance challenge identified by respondents was “international data transfers”, with 18% of respondents identifying this as their organisations’ top compliance challenge.
When asked if their organisation would pay a ransom in the event of a malware encryption attack, the proportion of respondents answering “yes” fell significantly this quarter, from 26% to 17%, which is likely to suggest a hardening position amongst companies regarding cyberattacks.
In terms of the European Data Protection Board’s (EDPB) October Guidelines on personal data breaches under GDPR, 36% of respondents scored it an 8 or above, reflecting the concerns raised online by the wider data protection community and the worries about the effect that this could have on businesses. However, 11% of respondents stated that the EDPB’s guidance would be “not at all problematic”.
Rob Masson, CEO of The DPO Centre, continued: “My concern is that organisations need to understand that any regulatory change is unlikely to be realised for many months, or even years from now. Therefore, businesses should be mindful of the fact that, for the foreseeable future, the UK GDPR as it stands still applies.”
The full report can be viewed at “UK Data Protection Index - Outsourced Data Protection Officers GDPR and Data Protection Compliance” (dpocentre.com).