Data protection and privacy are more critical now than ever before. Data compliance errors can easily land businesses, charities, schools and other organisations in legal difficulty.
How does data privacy law affect UK businesses in 2022?
Since the signing of Convention 108 in 1981, data protection has become ever more regulated, with the digital age seeing people’s data being collected, stored and shared in a multiplicity of ways.
Individuals are becoming increasingly concerned about how companies use their data, especially since the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) came into force. However, many organisations remain unaware of the nuances of these laws and the extent of protection they afford to individuals.
Breaches of the UK GDPR and DPA carry significant financial consequences, the maximum fine being £17.5m or, in the case of an undertaking, 4% of annual global turnover if that is greater.
In 2021, We Buy Any Car, Sports Direct and Saga were fined a combined total of £495,000 for sending ‘nuisance messages’ in breach of the UK GDPR principle that data processing should be fair, lawful and transparent. A requirement of this law is that, when marketing directly to an individual, explicit consent should be obtained. These cases highlight that even large corporations are at risk of making mistakes with regard to the data protection legislation in the UK. Businesses of all sizes carry a risk of significant financial penalties if they are unaware of the intricacies of the law.
In addition to the financial risks stemming from data protection breaches, the increased public awareness of data privacy rights means that it is imperative for organisations to have processes and procedures in place to build and maintain trust with their customers and employees. Breaching the UK GDPR and the DPA is likely to yield not only financial consequences, but significant reputational damage.
Possible upcoming UK data protection law changes
The Government has plans to overhaul data protection law in the UK following Brexit, with the Digital Secretary, Oliver Dowden, driving the change to a ‘common-sense’ approach to data protection laws. One significant development has emerged in relation to cookies, with the UK’s Information Commissioner, Elizabeth Denham, meeting with the G7 authorities in September 2021. She called for an overhaul of the current system, explaining that constant pop-ups create ‘cookie fatigue’ that vitiates true user consent, meaning that the way in which websites present their cookies is likely to change.
Significant tremors are being felt in the data protection world post-Brexit, and it is highly likely that this area will see many changes in the coming months and years. What this means for businesses is currently unclear, although it is clear that data protection laws in the UK are not in a state of equilibrium, and businesses must adapt to the changes that are to come.
Tips to keep your business compliant with data protection laws
Here are some critical steps organisations can take to reduce their risks.
Organisations should conduct regular data audits to identify any gaps and shortfalls in compliance. Risk assessments can help identify vulnerabilities that could lead to data being stolen or misused. Any problems identified should be immediately rectified, whether that is through new security systems or a policy for employees.
All staff who handle the data of customers, suppliers, or other team members should receive training on data protection law, with clear policies and procedures in place to ensure compliance.
Customers (or parents, if the customers are children) should be aware of how their data is to be used and provided with the opportunity to consent to this. This usually takes the form of agreements and documents such as cookies and privacy policies, data sharing agreements, and processing agreements.
Data privacy solicitors for businesses and employers
As Data Privacy Week champions, we are committed to helping you and your organisation manage the risks associated with data protection and to assisting you in your journey to compliance by offering you:
- Consultations and advice
- Documents to ensure compliance with data protection legislation.