The UK Data Protection Index is based on a survey conducted among UK data protection professionals, tracking their professional opinions on a range of privacy topics and industry trends. The data protection officers (DPOs) work in a wide range of organisation sizes and sectors across the UK, and their opinions offer an important snapshot of how data protection is evolving within organisations as the regulatory landscape becomes more complex and changeable.
Quarter two survey results of 2023 are now in, and the data reveal some pressing and important viewpoints.
One of the most discussed topics within the DPO community currently is, of course, the proposed changes to the UK GDPRThe UK General Data Protection Regulation. Before leaving the EU, the UK transposed the GDPR into UK law through the Data Protection Act 2018. This became the UK GDPR on 1st January 2021 when the UK formally exited the EU., and the shift away from the European legislative approach with the new Data Protection and Digital Information (No.2) Bill. These latest DP Index statistics show a definite consensus among DPOs about the UK’s suggested privacy framework and how they believe organisations will be impacted.
The results show an overwhelmingly negative response to all aspects of the proposed bill.
But before we take a deep dive into the figures, here is a brief update on the progress of the proposed UK legislation and what it could mean for organisations in the UK and abroad.
The government introduced the updated data protection bill on 8 March 2023, when it started progressing through the various readings and Committee stages in the House of Commons. The bill is currently in the report stage, poised for a third reading before advancing to the House of Lords.
The bill has six parts and thirteen schedules. Here is an overview of the key areas that would likely affect UK organisations:
source: Data Protection and Digital Information Bill copyright House of Commons 2022
These changes are a radical shift from the European approach to privacy and data protection and would certainly affect the way organisations proceed with the processing of personal data in the UK, not to mention the implications for dealing with multiple jurisdictions.
In the second reading of the bill in the House of Commons on 17 April 2023, the Minister for Data and Digital Infrastructure Julia Lopez said the government has no intention of “kicking off a revolution, turning over the apple cart and causing a compliance headache for UK firms.” The change in UK data protection laws is meant to drive innovation and help organisations.
“The UK,” she said, “cannot simply be rubber stamping whatever iteration of the GDPR comes out of Brussels.” source: Volume 731: debated on Monday 17 April 2023
However, this view does not tally with the thoughts of UK privacy professionals who are working on the ground, supporting organisations across the globe with their data protection compliance.
The EU GDPRRegulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data (General Data Protection Regulation). was intended to harmonise data protection regulations across the European Economic Area (EEA) whilst protecting the rights and freedoms of individuals. In moving away from the EU GDPR, the UK looks set to create a barrier between the current alignment organisations have between here and the EEA.
What do DPOs think about the proposed DPDI billThe proposed Data Protection and Digital Information (DPDI) Bill aims to amend and supplement the UK General Data Protection Regulation (UK GDPR), the Data Protection Act (2018) and the Privacy and Electronic Communications Regulation (PECR).? And how do they believe it will affect the organisations they work for? Here are the revelatory figures:
At this point, until the bill is passed, we can only hypothesise as to the actual ramifications, but the opinion of the data profession industry is clear. The proposed changes in the UK privacy laws are regarded as negative and unhelpful, quite the opposite of government aspirations.
Discussing the results of the DP Index with Ben Seretny, the head of DPOs at The DPO Centre, he summed up the overall feeling of many privacy professionals:
“The clear intention of the bill is to produce a law that creates efficiencies whilst reducing perceived compliance costs. However, the minor amendments made as it has progressed through Parliament have done little to address the potential serious concerns if the UK lowers its standard of data protection.
“The risk to our adequacy with the EU seems to be the eternally ignored elephant in the room. Loosening the rights that are currently afforded under the UK GDPR will create a confusing set of rules for organisations and complicate our ability to do international business with the vast number of economies who are looking to move in the opposite direction and strengthen their regulation of personal data usage.”
To read the latest DP Index Report in full, please see here.
The UK DP Index results this quarter have thrown up crucial insights into the mood of the privacy community. The overwhelmingly negative responses to questions about the proposed UK data protection bill are concerning.
Results currently show the highest ever DPO confidence levels in their organisations’ compliance with data protection laws. 63% of respondents ranked their organisations 8+ out of 10.
The big question is whether the government wants to risk destroying this confidence. It is something the Department for Science, Innovation and Technology needs to ask themselves. Perhaps they should start listening to the professionals on the ground – the ones who will be implementing the proposed changes and ensuring their organisations remain compliant with the separate UK and EU legislation.
The DPO Centre has one of the largest teams of outsourced DPOs and a skilled pool of professionals with expertise and knowledge to support organisations’ compliance concerns across a wide range of sectors. If you want to discuss the many additional benefits of outsourcing your DPO, complete the form below and we will be in touch.
Fill in your details below and we’ll get back to you as soon as possible