The period of ‘wash-up’ – when Government aims to progress legislation yet to receive Royal Assent – is expected to end today ahead of Parliament dissolving for the run-up to the General Election on 4th July 2024.
When Parliament is dissolved on 30 May, all outstanding Bills will cease and will not carry forward to a new Parliamentary session. The Data Protection and Digital Information Bill (No.2) (“DPDI”) will not feature as part of the wash-up session, meaning it will not progress into law - so what does this mean for data protection legislation and compliance?
As a result of the Bill no longer progressing, the existing data protection legislation, the Data Protection Act 2018 (“DPA”) and UK General Data Protection Regulation (“GDPR”), will remain unchanged. Whilst the outcome of the general election is uncertain, there has been no indication from any political party that they will revisit this legislative reform - so it looks as though there will be no modifications to the current data privacy legislative framework for the foreseeable future.
Out with the old… In with the new…
However, organisations shouldn’t remain complacent. In our recent webinar series, we discussed various developments in the data protection landscape, including evolving guidance from the UK Information Commissioner’s Office, and reminded attendees about the importance of taking the opportunity to assess and update their data protection practices.
Below is a summary of some of the key things your organisation can do to support its compliance with the existing data protection legislation.
1. The data protection principles
At the heart of compliance is understanding the data protection principles and how these apply to your organisation’s processing of personal data. A range of considerations need to be taken into account, including the purposes, lawful basis, retention period and security measures for the data you process.
This is often achieved through policies, procedures, notices, governance and training.
2. Provide privacy notices
GDPR requires organisations to inform individuals about how their data is processed, the purposes of processing, who it might be shared with, and how they can exercise their data protection rights. These are evolving documents, and organisations should review, update and amend processes on a regular basis to meet business needs. Furthermore, with the developing generative AI landscape, organisations ought to consider the data protection implications of using these developing technologies and adopt suitable processes and policies.
3. Maintain data security
Implementing appropriate technical and organisational measures to protect personal data is crucially important. With the ever-evolving threat of a cyber attack, organisations need to apply procedures that promote best practices that align with the expectation of the law. This may require insights from industry standards and best practice guidance from the likes of the National Cyber Security Centre.
4. Conduct Data Protection Impact Assessments (DPIAs)
Understanding the data you process, the technology you use, and the ensuing risks is an important factor in demonstrating compliance with the law. It is not sufficient merely to consider these things; organisations need to take proactive steps to demonstrate compliance.
5. Ensure third-party compliance
Organisations will likely look to share personal data with third parties. This needs to be managed and governed by legally binding contracts that set out a range of provisions that protect your organisation. For example, where there are international transfers, you may need to assess the risks and put in place safeguards to manage the transfers in accordance with the data protection legislation.
Our team of data privacy experts understand the importance of compliance with data protection legislation while considering the commercial impact on organisations. We offer practical and commercially-focused advice tailored to support organisations in meeting their data protection obligations. You can find out more about our services in this area here, or get in touch to discuss how we can help.