The DPIA is a bitesize assessment of the impact of the most significant, interesting and important-to-know data protection issues.
The DPO Centre_DPIA_Newsletter

The DPIA is an assessment of the impact of the most significantignificant and important-to-know data protection issues from around the globe. It’s not the full story, just a quick 3-minute read, collated and condensed to keep you updated with the latest news in our ever-evolving industry.

NHS DSPT: A guide to the latest requirements and avoiding common mistakes 

The Data Security and Protection Toolkit (DSPT) is an online self-assessment for health or care organisations that process health data or access NHS patient data or systems. It must be submitted each year by 30 June. For the 2023-24 period, there are significant updates to the requirements. In our latest blog, we detail these important changes and provide tips for best practices to help health and care organisations avoid common compliance mistakes. 
Read our blog for the latest DSPT requirements

UK News

ICO publishes guidance on UK BCR Addendum 

On 19 December 2023, the Information Commissioner’s Office (ICO) updated its guide on UK Binding Corporate Rules (BCRs) with new guidance for using the UK BCR Addendum. The UK Addendum is intended to help streamline the data transfer process for organisations with approved EU BCRs and will extend the scope to include transfers from the UK. Previously, organisations had to create and maintain two separate versions of their BCRs. 

Organisations with existing EU BCRs can apply for a UK BCR by submitting the completed Addendum with the complete EU BCR, its approval, and a UK BCR summary document to the ICO. Read the ICO’s UK BCR guidance  

Supreme Court rules AI cannot be named as inventor in patent applications 

In the case of Thaler v Comptroller-General of Patents, Designs and Trade Marks (2023 UKSC 49), the UK Supreme Court ruled that artificial intelligence (AI) systems cannot be legally recognised as inventors in patent applications. Despite an appeal by Dr Thaler, the Court held that under the UK Patents Act 1977, the definition of ‘inventor’ is restricted to natural persons. This ruling contrasts with the unique decision made by Australia’s Federal Court in July 2021, when it determined that AI systems could be named as inventors for Australian patent applications. The US, EU, and now the UK have all rejected corresponding patent applications by Dr Thaler naming AI as an inventor. 

The DPO Centre DPO Academy
EU News

OpenAI moving EU data processing to Ireland

On 28 Dec 2023, ChatGPT developer, OpenAI, sent an email to users with details of updates to its Privacy Policy. From 15 February 2024, the data controller for users in the European Economic Area (EEA) and Switzerland will be the recently established Dublin-based subsidiary. The move is to ensure compliance with the EU’s General Data Protection Regulation (GDPR) standards. However, critics still question whether this will sufficiently address data protection and privacy concerns. There are calls for more transparency about how user data is handled and stored and for stronger measures to prevent potential misuse. 

Finland’s Ombudsman announces updates to data privacy legislation

On 27 December 2023, Finland’s Office of the Data Protection Ombudsman announced amendments to the Data Protection Act and the Data Protection Act in Criminal Matters. From 1 January 2024, authorised Data Protection Officers (DPOs) are required to either make a decision on a person’s complaint or inform the person of the decision within 3 months of initiating a case. If no decision or estimated date is provided within this timeframe, the person has the right to appeal to an administrative court. This new rule will not be applied to cases initiated before 2024.

Read the Finnish Ombudsman press release

The DPO Centre Charity & Community Fund
International News

UN AI Advisory Body seeks comments on Governing AI for Humanity Report 

On 21 December 2023, the UN AI Advisory Body launched its Interim Report titled Governing AI for Humanity. The Report explores areas such as AI Governance and AI Principles, detailing the specific risks of artificial intelligence (AI) systems, especially bias due to lack of accuracy and misinformation, including deepfakes. It emphasises the need for global alignment, with a focus on principles to guide AI Governance rather than a single model. The Report also analyses several current AI initiatives, including China’s Interim Measures for the Management of AI Services, the G7 Hiroshima AI and the EU AI Act. The UN AI Advisory Body requests public comments by 31 March 2024. 
Read the Governing AI for Humanity Interim Report 

Parliament of India passes the Telecommunications Bill 2023 

On 24 December 2024, the Telecommunications Bill, 2023 received Presidential assent, passing into law. India’s new Telecommunications Act, 2023 provides significant reforms, which seek to improve the ease of doing business in this sector. The Act also allows authorities to intercept or block messages between individuals on specific grounds and in the interests of national security. Another major aim of the Act is to protect users from cyber fraud and attacks, making cyberattacks a crime with up to 3 years’ imprisonment, a fine, or both. Read the Telecommunications Bill 2023 pdf

Thailand’s PDPC announces publication of data transfer regulations 

On 28 December 2023, Thailand’s Personal Data Protection Committee (PDPC) announced two regulations on international data transfers under Sections 28 and 29 of the Personal Data Protection Act 2019 (PDPA). The first regulation relates to personal data transfers to destination countries with adequacy status, and the second provides criteria for the appropriate protection measures when transferring to countries without adequacy. These regulations come into effect on 24 March 2024. 

Read the first regulation and the second regulation (both only available in Thai) 

Our Team is growing

We are recruiting!

To support our ongoing requirement to continuously grow our remarkable and extraordinary #ONETEAM, we are seeking candidates for the following positions:

  • Data Protection Officers (based in the United Kingdom or The Netherlands)
  • Junior Copywriter (Ipswich/hybrid)
  • Recruitment Coordinator (Ipswich/hybrid) 

If you are looking for a new and exciting challenge, and the opportunity to work for a Great Place to Work-Certified™ company and one of the UK's Best Workplaces in Consulting & Professional Services, apply today!

Copyright © 2024 The DPO Centre, All rights reserved. 

You have been sent this newsletter under legitimate interest, for more information please read our Privacy Notice

The DPO Centre is a limited company registered in England and Wales (Company Number: 10874595)
Registered Office: Suffolk Enterprise Centre, Felaw Street, Ipswich, IP2 8SJ, United Kingdom

The DPO Centre, 50 Liverpool Street, London, Greater London EC2M 7PR, United Kingdom

Manage preferences