With the introduction of the second draft of the Data Protection and Digital Information Bill, earlier this month, along with fresh data breach guidance coming out of Europe, British businesses find themselves under increasing pressure to step up their commitment to meeting data regulatory requirements both at home and abroad.
In the latest Data Protection Index. Data protection experts in the UK rated what they believe will be their organisations’ biggest GDPR compliance challenges over the next twelve-month period:
• The most significant change in respondents’ attitudes this quarter relates to AI and machine learning. 14% of respondents identified this as their organisation’s biggest GDPR compliance challenge (up 7% from the last quarter).
• The second biggest GDPR compliance challenge identified by respondents through the survey was “international data transfers”, with 15% of respondents identifying this as their organisations’ top GDPR compliance challenge.
• 8% of respondents chose “handling individuals’ rights requests” as their organisations’ biggest GDPR compliance, the highest recorded score since the survey began back in Q3 2020.
Rob Masson “This quarter’s panel results were collected prior to the announcement of the UK Data Protection and Digital Information Bill (2), giving us unique insight into the sector’s views prior to its release and dissection.
It is a concern to see our panel members now expect to see their organisation’s budget for data protection stagnate during 2023. Particularly when the introduction of the new Bill requires the continued maintenance of the current, and in some areas, higher, compliance standards. Additionally, businesses processing personal data on both EU and UK residents will soon need to navigate two separate privacy regimes, and therefore likely subject to increased compliance costs.
This quarter’s results reveal that data retention, international data transfers, and AI and machine learning are the key compliance challenges. It therefore appears clear that 2023 is going to be just as interesting and challenging for the industry to traverse, as the previous almost 5 years have been since the GDPR came into force.”
In addition, the results of the DP Index reveal what data protection experts see as their organisations’ biggest data protection compliance issues:
• Privacy experts were least confident in their organisations’ compliance with data retention requirements, with just 23% of them scoring 8 or above in this area.
• Over the last four quarters, confidence in their organisations’ compliance with data retention requirements has declined.
• This quarter, respondents were most confident in their organisations’ compliance with the policies and procedures, with 77% of respondents scoring their organisation 8 or above in each category.
• The confidence in vendor compliance with due diligence has fallen significantly since the last quarter (down 5% from the last quarter and 10% from its Q1 2021 high).
Nick James, Founder, Data Protection World Forum, commented, “Data protection officers are on the frontlines of data evolution. It’s never been more important to take in their views to help us understand business priorities, how regulatory changes affect corporate needs, and how data subjects’ expectations are shifting.”
Leave a Comment