The DPIA is a bitesize assessment of the impact of the most significant, interesting and important-to-know data protection issues.
The DPIA newsletter is a round-up of the most interesting and need-to-know privacy issues from the past two weeks. A quick 3-minute read to keep you on top of the news.
Knowledge nuggets for busy privacy professionals
Data retention and the GDPR: Best practices for compliance
In our latest blog, we offer practical advice and tips on data retention schedules and compliance with data protection laws. Understand the role of data controllers, processors and sub-processors in data retention policies. We also delve into the challenges businesses face and offer practical solutions with helpful tips for effective data management. Discover best practice solutions for data retention compliance
Proposed DPDI Bill passes vote to final stages
On 29 November 2023, the UK’s proposed Data Protection and Digital Information (DPDI) Bill passed its third reading, moving to the House of Lords for the final stages of consideration. Few MPs turned up for the debate, although there was notable opposition, with questions posed about the implications for data protection and privacy rights. Layla Moran, MP for Oxford West and Abingdon, said scientific businesses were concerned ‘that any material deviation on standards, particularly European Union data adequacy, would entangle them in more red tape, rather than remove it.’ Read details of the vote and reactions from The DPO Centre team
DSIT publishes draft framework for AI skills for business
The Department for Science, Innovation and Technology (DSIT) published a draft guidance for consultation titled ‘AI Skills for Business Competency Framework’ on 30 November 2023. The framework aims to support employers and employees in understanding their AI upskilling needs and guiding training providers in developing new content to meet industry demands. The document focusses on how to reap the benefits of AI safely, including the safe and secure management of sensitive data. Stakeholders can comment on the guidance through the Alan Turin Institute until January 2024. Read the draft framework for public consultation
European Council adopts the European Data Act
On 27 November, the European Council adopted a new regulation on the fair access to and use of data. Called the European Data Act, the legislation establishes guidelines for data usage, determining who can access and utilise various data across all economic sectors in the EU. It aims to make data more accessible, ensure fairness, and stimulate a competitive data market with a focus on data-driven innovation. The new law also puts in place safeguards for data transfers whilst allowing for easier switching between providers of data processing services. Read the EC’s press release
Creation of European Health Data Space (EHDS) moves ahead
Members of the European Parliament (MEPs) voted on their position for the creation of a European Health Data Space (EHDS) on 28 November 2023. There was strong support for the initiative, with 95 votes in favour, 18 against, and 10 abstentions. The EHDS is a framework designed to enhance the control EU patients have over their personal healthcare data and to facilitate its secure sharing for research and not-for-profit purposes. The full house of the European Parliament will vote on the draft position in December.
CJEU clarifies details of penalty fines under GDPR
On 5 December 2023, the Court of Justice of the European Union (CJEU) issued judgements in cases C-579/21 and C-807/21, interpreting the General Data Protection Regulation (GDPR) regarding penalties for infringements. The CJEU ruled that a national data protection supervisory authority (DPA) may only impose a fine for a GDPR infringement if it was committed wrongfully, either intentionally or negligently. In calculating a fine, a DPA must consider the total worldwide turnover of the entire group from the preceding business year. Read the CJEU’s press release
G7 endorses AI process policy framework
On 1 December 2023, the Group of Seven’s (G7) Digital and Tech Ministers met to discuss generative AI, considering its rapid development and the ensuing challenges presented to the world. The ministers endorsed the AI Process Comprehensive Policy Framework and adopted a statement on operationalising data-free flows with trust. The G7 plans to continue its work on AI next year, including a focus on codes of conduct and the development of proposed monitoring tools and mechanisms to help organisations stay accountable. Read the Ministers' statement and AI process framework
6-month grace period for data controller registration with OIC
In Jamaica, the Hon. Dr. Dana Morris-Dixon announced a 6-month grace period for all data controllers to register with the Office of the Information Commissioner (OIC). Starting from 1 December 2023, which is the official implementation date of the Data Protection Act (2020), controllers can register on the OIC website. The grace period is to allow organisations more time to comply with the Act. The OIC encourages those ready to register to do so, while they advised others to use the grace period to prepare by appointing a Data Protection Officer (DPO) as required and ensuring compliance with the new law.
We are recruiting!
To support our ongoing requirement to continuously grow our remarkable and extraordinary #ONETEAM, we are seeking candidates for the following positions:
Data Protection Officers (based in the United Kingdom or The Netherlands)
Digital Marketing Specialist to join our #ONETEAM
If you are looking for a new and exciting challenge, and the opportunity to work for a Great Place to Work-Certified™ company, apply today!
You have been sent this newsletter under legitimate interest, for more information please read our Privacy Notice
The DPO Centre is a limited company registered in England and Wales (Company Number: 10874595) Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ, United Kingdom
The DPO Centre, 50 Liverpool Street, London, Greater London EC2M 7PR, United Kingdom