© 2022 TrustArc Inc. Proprietary and Confidential Information.
UK's Post-Brexit GDPR Reforms:
What to Expect, How to Adapt
Speakers
Ralph T O’Brien
Principal Consultant - Europe
TrustArc
Meaghan McCluskey
Associate General Counsel - Research
TrustArc
Agenda
• UK history: 1984 Act, 1998 Act, 2018 Act
• DPPECR amendments 2019 and 2020
• UK GDPR vs EU GDPR
• DCMS data transfers assessments and EU vs UK adequacy targets
• Consultation on UK DP reform
• Potential UK Data Reform Bill Queen’s Speech announcement
Long History of respect for Privacy - and long before the EU!
“The poorest man may in his cottage bid defiance to all the forces of the Crown.
It may be frail; its roof may shake; the wind may blow through it; the storm may enter; the rain may enter;
but the King of England cannot enter -- all his force dares not cross the threshold of the ruined tenement!”
William Pitt the Elder “Prime Minister” (speaking against taxation, Cider Bill 1763)
UK Data Protection History
Data Protection laws
• 12th July 1984 - Data Protection Act
  Only Computerised data
  Based on CoE Conv 108
• 16th July 1998 - Data Protection Act
  Manual data, more rights
  Based on 95/46/EC (EU DPD)
  (Later the PECR in 2003, in response to EU ePrivacy Directive 2002)
  HRA 1998 - general right
• 24th May 2018 - Data Protection Act
  Accountability, DPOs, DPIAs, ROPAs. Based on 679/2016 (EU GDPR)
  Sets up ICO Powers, National Security, Law Enforcement, Legal Basis, Exemptions etc.
  New Data Protection Charges and Regulations. Fees.
• 1st January 2021 - EU Exit Amendments
  Jan 1st 2021 - “UK GDPR”, processing earlier subject to “EU GDPR”
  The Data Protection, Privacy and Electronic Communications (Amendments etc)(EU Exit) 2019 and 2020
  Amends DP and PECR
• ?? ??? 2022 - Data Reform Bill
  announced in Queen’s Speech June 2022
  Based on DCMS Consultation “Data: A new Direction” Sept 2021
UK GDPR versus EU GDPR
UK’s DATA PROTECTION ACT 2018…
AS AMENDED BY...
THE DATA PROTECTION, PRIVACY AND ELECTRONIC COMMUNICATIONS (AMENDMENTS ETC)(EU EXIT) REGULATIONS 2019 made on 29 February 2019
AS AMENDED BY…
THE DATA PROTECTION, PRIVACY AND ELECTRONIC COMMUNICATIONS (AMENDMENTS ETC)(EU EXIT) REGULATIONS 2020 made on 14 October 2020
KEELING SCHEDULE = A TRACK CHANGES DOCUMENT
EVERYTHING AND NOTHING CHANGED!
REAL CHANGES…
• ICO no longer an EU supervisory body, Cannot attend EDPB.
• Where previously ICO was lead EU SA, have to change to new, get any “approvals” re-approved by EU SA (such as BCRs etc).
• UK now a “Third Country”, granted six months to gain adequacy by European Commission.
• UK DCMS takes on “EC role” including the power to grant UK adequacy decisions.
• UK achieves Adequacy in 2021 for LED and GDPR, and promptly announces intention to… “unleash data’s power across the economy and society for the benefit of British citizens and British businesses”
• New ICO John Edwards takes up post in Jan 2021.
• ICO issues IDTAs (UK alternative to EU SCCs for int data transfer) with SCC “add on” annex.
1st January 2020+ = UK GDPR
DCMS Adequacy Process
The jurisdictions listed as high priority for UK adequacy decisions are: Australia; Brazil; Colombia; the Dubai International Financial Centre; India; Indonesia; Kenya; the Republic of Korea; Singapore; and the U.S.
Apart from S Korea, these are all not EU adequate, creating possibility of EU “onward transfer” risk.
DCMS position is “why should our adequacy be less valid than EC’s”
(NOTE: EU and EEA Member States are already recognized as adequate by the UK, in addition to EU adequate jurisdictions at time of exit such as Argentina, Canada, Japan, Switzerland, New Zealand and Israel).
“Could be we are doing the EC’s homework for them”
Adequacy Process
• Gatekeeping stage: consideration of whether to commence an adequacy assessment in respect of a country, by reference to policy factors, including high standards of data protection and the UK's strategic interests
• Assessment stage: collection and analysis of information relating to the level of data protection in another country; this will look at questions based on key principles of the safeguards in the UK GDPR, while recognising that countries protect personal data in different ways
• Recommendation stage: officials will make a recommendation to the Secretary of State for Digital, Culture, Media and Sport, who will, after consulting the Information Commissioner and any others considered appropriate, decide whether to make a determination of adequacy in respect of a specific country
• Procedural stage: making relevant regulations - and laying these in Parliament - to give legal effect to an adequacy determination
Data Protection Reforms
Key Proposals from Data: A new direction consultation, published Oct 2021
• Remove barriers to innovation, easier use of algorithms, AI, machine learning and research/analytics data
• Removing transparency requirements for research, making further uses of data for research always legal
• List of “pre approved legitimate interests”
• Remove or restrict article 22 rights regarding automated decision making
• Re-introduce fees for subject access requests
• Extend marketing soft opt in rule
• Reform Accountability provisions (restricting or removing DPOs, DPIAs, Prior Consultation, PbD, ROPAs, Breach Reporting etc etc) as “EU redtape” introducing costs without benefit
• Permitting analytics and other similar cookies/tech without consent/notification
• Add extra lawful basis for “democratic engagement”, and “substantial public interest” extended
• Risk based approach to Adequacy decisions
• More govt oversight of ICO including powers to overturn ICO decisions where not in “economic growth and innovation” of the UK and SecOfState to carry out reviews of ICO performance
DON’T PANIC!
The Queen’s Speech
“...The United Kingdom’s data protection regime will be reformed [Data Reform Bill]...”
Response to Consultation, published June 17 2021
1. DPOs, DPIAs, Prior Consultation, ROPA - replaced by risk managed privacy programme, must have senior representatives responsible for DP, may still have data inventories, and ensure risk assessment for high risk activities.
2. Breach reporting and DSARs, Automated Processing - no changes or charges, but add “clarity”, and expand on exemptions for “manifestly unfounded” and “vexatious and excessive”
3. PECR and Cookies - aim to remove cookie banners by long term adding a browser based solution, short term change to opt out (opt-in for kids), extend purposes where no consent required (analytics?). Expand soft opt in for charities and political parties. Raise PECR fines from £500k to GDPR equivalent (£17.5m or 4% GAT)
4. Anonymisation - add a risk based approach relative test and “clarify”.
5. Legitimate Interests - taking forwards a “carefully defined” list where LIAs no longer required, crime/safeguarding mentioned. Gov can add to list with parliamentary scrutiny.
6. Data Transfers - Keep DCMS target list. Change to risk and outcome based. Remove 4 year periods for ongoing monitoring. SecOfState can create more mechanisms.
7. AI and ML - New sensitive data legal basis to allow for monitoring/correcting bias in AI systems. Add “clarity” around safeguards for AI and Automated Decision Making.
8. ICO - add chief exec and management board, DCMS appoint non execs, add an experts panel, publish KPIs, potential name change, potential for more government oversight and approval of codes of practices and guidance.
https://www.gov.uk/government/consultations/data-a-new-direction/outcome/data-a-new-direction-government-response-to-consultation
One last word…
“...Now that we are no longer part of the European Union, we have the opportunity to create an agile, light touch and forwards looking regulatory eco-system for digital tech. This will stimulate innovation and allow our tech sector to thrive, while protecting businesses and consumers…”
A US word, EU focuses on fundamental human rights, poor drafting or deliberate choice…?
“…A person/human has rights, A consumer has only a small amount of choice and control… (Heather Burns)”
Is this sentence indicative of a new UK gov approach, less EU, more US?
DCMS new Digital Policy strategy June 2013
Thank You!
See http://www.trustarc.com/insightseries for the 2022
Privacy Insight Series and past webinar recordings.
If you would like to learn more about how TrustArc can support you with
compliance, please reach out to sales@trustarc.com for a free demo.

 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

TrustArc Webinar: UK's Post-Brexit GDPR Reforms

  • 1. © 2022 TrustArc Inc. Proprietary and Confidential Information. UK's Post-Brexit GDPR Reforms: What to Expect, How to Adapt
  • 2. Speakers: Ralph T O’Brien, Principal Consultant - Europe, TrustArc; Meaghan McCluskey, Associate General Counsel - Research, TrustArc
  • 3. Agenda
      • UK history: 1984 Act, 1998 Act, 2018 Act
      • DPPECR amendments 2019 and 2020
      • UK GDPR vs EU GDPR
      • DCMS data transfers assessments and EU vs UK adequacy targets
      • Consultation on UK DP reform
      • Potential UK Data Reform Bill Queen’s Speech announcement
  • 4. Long History of respect for Privacy - and long before the EU! “The poorest man may in his cottage bid defiance to all the forces of the Crown. It may be frail; its roof may shake; the wind may blow through it; the storm may enter; the rain may enter; but the King of England cannot enter -- all his force dares not cross the threshold of the ruined tenement!” William Pitt the Elder “Prime Minister” (speaking against taxation, Cider Bill 1763)
  • 5. UK Data Protection History: Data Protection laws
      • 12th July 1984 - Data Protection Act. Only computerised data. Based on CoE Conv 108.
      • 16th July 1998 - Data Protection Act. Manual data, more rights. Based on 95/46/EC (EU DPD). (Later the PECR in 2003, in response to EU ePrivacy Directive 2002.) HRA 1998 - general right.
      • 24th May 2018 - Data Protection Act. Accountability, DPOs, DPIAs, ROPAs. Based on 679/2016 (EU GDPR). Sets up ICO Powers, National Security, Law Enforcement, Legal Basis, Exemptions etc. New Data Protection Charges and Regulations. Fees.
      • 1st January 2021 - EU Exit Amendments. Jan 1st 2021 - “UK GDPR”; processing earlier subject to “EU GDPR”. The Data Protection, Privacy and Electronic Communications (Amendments etc)(EU Exit) 2019 and 2020. Amends DP and PECR.
      • ?? ??? 2022 - Data Reform Bill announced in Queen’s Speech June 2022. Based on DCMS Consultation “Data: A new Direction” Sept 2021.
  • 6. UK GDPR versus EU GDPR: UK’s DATA PROTECTION ACT 2018… AS AMENDED BY... THE DATA PROTECTION, PRIVACY AND ELECTRONIC COMMUNICATIONS (AMENDMENTS ETC)(EU EXIT) REGULATIONS 2019 made on 29 February 2019 AS AMENDED BY… THE DATA PROTECTION, PRIVACY AND ELECTRONIC COMMUNICATIONS (AMENDMENTS ETC)(EU EXIT) REGULATIONS 2020 made on 14 October 2020. KEELING SCHEDULE = A TRACK CHANGES DOCUMENT. EVERYTHING AND NOTHING CHANGED!
  • 7. REAL CHANGES… (1st January 2020+ = UK GDPR)
      • ICO no longer an EU supervisory body, cannot attend EDPB.
      • Where previously ICO was lead EU SA, have to change to new, get any “approvals” re-approved by EU SA (such as BCRs etc).
      • UK now a “Third Country”, granted six months to gain adequacy by European Commission.
      • UK DCMS takes on “EC role” including the power to grant UK adequacy decisions.
      • UK achieves Adequacy in 2021 for LED and GDPR, and promptly announces intention to… “unleash data’s power across the economy and society for the benefit of British citizens and British businesses”
      • New ICO John Edwards takes up post in Jan 2021.
      • ICO issues IDTAs (UK alternative to EU SCCs for int data transfer) with SCC “add on” annex.
  • 8. DCMS Adequacy Process: The jurisdictions listed as high priority for UK adequacy decisions are: Australia; Brazil; Colombia; the Dubai International Financial Centre; India; Indonesia; Kenya; the Republic of Korea; Singapore; and the U.S. Apart from S Korea, these are all not EU adequate, creating possibility of EU “onward transfer” risk. DCMS position is “why should our adequacy be less valid than EC’s” (NOTE: EU and EEA Member States are already recognized as adequate by the UK, in addition to EU adequate jurisdictions at time of exit such as Argentina, Canada, Japan, Switzerland, New Zealand and Israel). “Could be we are doing the EC’s homework for them”
  • 9. Adequacy Process
      • Gatekeeping stage: consideration of whether to commence an adequacy assessment in respect of a country, by reference to policy factors, including high standards of data protection and the UK's strategic interests
      • Assessment stage: collection and analysis of information relating to the level of data protection in another country; this will look at questions based on key principles of the safeguards in the UK GDPR, while recognising that countries protect personal data in different ways
      • Recommendation stage: officials will make a recommendation to the Secretary of State for Digital, Culture, Media and Sport, who will, after consulting the Information Commissioner and any others considered appropriate, decide whether to make a determination of adequacy in respect of a specific country
      • Procedural stage: making relevant regulations - and laying these in Parliament - to give legal effect to an adequacy determination
  • 10. Data Protection Reforms: Key Proposals from Data: A new direction consultation, published Oct 2021
      • Remove barriers to innovation, easier use of algorithms, AI, machine learning and research/analytics data
      • Removing transparency requirements for research, making further uses of data for research always legal
      • List of “pre approved legitimate interests”
      • Remove or restrict article 22 rights regarding automated decision making
      • Re-introduce fees for subject access requests
      • Extend marketing soft opt in rule
      • Reform Accountability provisions (restricting or removing DPOs, DPIAs, Prior Consultation, PbD, ROPAs, Breach Reporting etc etc) as “EU redtape” introducing costs without benefit
      • Permitting analytics and other similar cookies/tech without consent/notification
      • Add extra lawful basis for “democratic engagement”, and “substantial public interest” extended
      • Risk based approach to Adequacy decisions
      • More govt oversight of ICO including powers to overturn ICO decisions where not in “economic growth and innovation” of the UK and SecOfState to carry out reviews of ICO performance.
      • DON’T PANIC!
  • 11. The Queen’s Speech: “...The United Kingdom’s data protection regime will be reformed [Data Reform Bill]...”
  • 12. Response to Consultation, published June 17 2021
      1. DPOs, DPIAs, Prior Consultation, ROPA - replaced by risk managed privacy programme, must have senior representatives responsible for DP, may still have data inventories, and ensure risk assessment for high risk activities.
      2. Breach reporting and DSARs, Automated Processing - no changes or charges, but add “clarity”, and expand on exemptions for “manifestly unfounded” and “vexatious and excessive”.
      3. PECR and Cookies - aim to remove cookie banners by long term adding a browser based solution, short term change to opt out (opt-in for kids), extend purposes where no consent required (analytics?). Expand soft opt in for charities and political parties. Raise PECR fines from £500k to GDPR equivalent (£17.5m or 4% GAT).
      4. Anonymisation - add a risk based approach relative test and “clarify”.
      5. Legitimate Interests - taking forwards a “carefully defined” list where LIAs no longer required, crime/safeguarding mentioned. Gov can add to list with parliamentary scrutiny.
      6. Data Transfers - Keep DCMS target list. Change to risk and outcome based. Remove 4 year periods for ongoing monitoring. SecOfState can create more mechanisms.
      7. AI and ML - New sensitive data legal basis to allow for monitoring/correcting bias in AI systems. Add “clarity” around safeguards for AI and Automated Decision Making.
      8. ICO - add chief exec and management board, DCMS appoint non execs, add an experts panel, publish KPIs, potential name change, potential for more government oversight and approval of codes of practices and guidance.
      https://www.gov.uk/government/consultations/data-a-new-direction/outcome/data-a-new-direction-government-response-to-consultation
  • 13. One last word… “...Now that we are no longer part of the European Union, we have the opportunity to create an agile, light touch and forwards looking regulatory eco-system for digital tech. This will stimulate innovation and allow our tech sector to thrive, while protecting businesses and consumers…” A US word, EU focuses on fundamental human rights, poor drafting or deliberate choice…? “…A person/human has rights, A consumer has only a small amount of choice and control… (Heather Burns)” Is this sentence indicative of a new UK gov approach, less EU, more US? DCMS new Digital Policy strategy June 2013
  • 14. Thank You! See http://www.trustarc.com/insightseries for the 2022 Privacy Insight Series and past webinar recordings. If you would like to learn more about how TrustArc can support you with compliance, please reach out to sales@trustarc.com for a free demo.