2018
Since the introduction of the General Data Protection Regulation (GDPR) in May 2018, the core principles have remained constant, but the UK data protection landscape has seen significant changes.
2024
Is your business staying current with these changes? Has your data protection compliance framework been updated accordingly?
CHANGES
Here are two key changes that have significantly impacted the GDPR landscape:
BREXIT
With Brexit, the EU GDPR was replaced by the UK GDPR in the UK. While the principles are largely the same, businesses handling personal data of both UK and EU citizens must now comply with both sets of laws. It’s important to ensure your UK business data protection documents reflect this shift and do not only refer to EU law.
TRANSFERS TO THE US
In 2020, a major legal challenge altered how personal data can be transferred to the US. The UK now has clear mechanisms to allow data to flow to the US under the UK-US Data Bridge, but the correct controls and certifications must be in place, and governance documents and contract templates should reflect the latest mechanisms.
ARTIFICIAL INTELLIGENCE (AI)
The boom of Artificial Intelligence (AI) has also led many businesses to review their internal policies regarding the use of AI in the workplace. If AI involves the disclosure or use of personal data, proper governance is essential.
BEST PRACTICE REVIEWS
In the past five years, the data protection landscape has evolved. Have your data protection frameworks evolved with it? Regular reviews and updates of your governance documentation are crucial.
Here are some essential documents that should be regularly reviewed:
- Privacy Policies and Fair Processing Notices: Ensure these reflect how you handle personal data and keep data subjects informed.
- Data Protection Contract Clauses: Assess the risk of suppliers processing personal data, including those outside of the UK. Ensure intra-company transfers, especially outside the UK and EU, are governed by contracts.
- Managing Data Subjects' Rights and Marketing Permissions: This is a key area of enforcement by the UK data protection regulator.
- Data Breach Readiness Procedures: Have tried-and-tested procedures in place for managing data breaches.
- Staff Awareness Training: Educate your team on data protection and your business’s compliance processes.
- Privacy By Design: Incorporate data protection impact assessments into new projects and change programmes.
Demonstrating good governance is a requirement of the UK GDPR, especially during internal or external audits.
SUMMARY
- Schedule Regular Reviews: Stay in control of changes outside of the review lifecycle.
- Keep Informed: Keep abreast of future data protection laws and future-proof your processes where possible.
Data is a valuable business commodity, and a robust framework for managing it only increases its value.
Mandy Hargun is a data privacy specialist. Feel free to contact her for further information relating to the above.
Tel. +44 20 3740 2361
[email protected]