Data Privacy Week commemorates the signing of Convention 108 on 28 January 1981, which was the first legally binding international treaty dealing with data privacy and data protection. This international initiative aims to raise awareness of data privacy and highlight its importance.
To champion the initiative, our Commercial & Data Protection team discusses the most important data issues organisations need to be aware of in 2022.
Commercial & Data Protection|28 January 2022
Insight
Data protection and privacy are more critical now than ever before. Data compliance errors can easily land businesses, charities, schools and other organisations in legal difficulty.
Since the signing of Convention 108 in 1981, data protection has become ever more regulated, with the digital age seeing people’s data being collected, stored and shared in a multiplicity of ways.
Individuals are becoming increasingly concerned about how companies use their data, especially since the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) came into force. However, many organisations remain unaware of the nuances of these laws and the extent of protection they afford to individuals.
Breaches of the UK GDPR and DPA carry significant financial consequences, the maximum fine being £17.5m or, in the case of an undertaking, 4% of annual global turnover if that is greater.
In 2021, We Buy Any Car, Sports Direct and Saga were fined a combined total of £495,000 for sending ‘nuisance messages’ in breach of the UK GDPR principle that data processing should be fair, lawful and transparent. A requisite of this law is that, when marketing directly to an individual, explicit consent should be obtained. These cases highlight that even large corporations are at risk of making mistakes with regard to the data protection legislation in the UK. Businesses of all sizes carry a risk of significant financial penalties if they are unaware of the intricacies of the law.
In addition to the financial risks stemming from data protection breaches, the increased public awareness of data privacy rights means that it is imperative for organisations to have processes and procedures in place to build and maintain trust with their customers and employees. Breaching the UK GDPR and the DPA is likely to yield not only financial consequences, but significant reputational damage.
The Government has plans to overhaul data protection law in the UK following Brexit, with the Digital Secretary, Oliver Dowden, driving the change to a ‘common-sense’ approach to data protection laws. One significant development has emerged in relation to cookies, with the UK’s Information Commissioner, Elizabeth Denham, meeting with the G7 authorities in September 2021. She called for an overhaul of the current system, explaining that constant pop-ups create ‘cookie fatigue’ that vitiates true user consent, meaning that the way in which websites present their cookies is likely to change.
Significant tremors are being felt in the data protection world post-Brexit, and it is highly likely that this area will see many changes in the coming months and years. What this means for businesses is currently unclear, although it is clear that data protection laws in the UK are not in a state of equilibrium, and businesses must adapt to the changes that are to come.
Here are some critical steps organisations can take to reduce their risks.
Organisations should conduct regular data audits to identify any gaps and shortfalls in compliance. Risk assessments can help identify vulnerabilities that could lead to data being stolen or misused. Any problems identified should be immediately rectified, whether that is through new security systems or a policy for employees.
All staff who handle the data of customers, suppliers, or other team members should receive training on data protection law, with clear policies and procedures in place to ensure compliance.
Customers (or parents, if the customers are children) should be aware of how their data is to be used and provided with the opportunity to consent to this. This usually takes the form of agreements and documents such as cookies and privacy policies, data sharing agreements, and processing agreements.
As Data Privacy Week champions, we are committed to helping you and your organisation manage the risks associated with data protection and to assisting you in your journey to compliance by offering you:
Contact Us
If you have any questions or queries in relation to Data Privacy Week and data protection in general, please do not hesitate to contact Haroon Younis on 01332 226 466 or 07813 203 658, or fill in the form below.
