During 2018 EU GDPR was originally introduced by the EU and enforced by the Commissioners Information Office (ICO) here in the UK. Since then, many factors are seen to be influencing the next phase of UK GDPR (UK General Data Protection Regulation).
So, what is happening and why is change needed? Brexit, global cyber security threats and new advances in digital technology are just some of the reasons why the new UK GDPR is currently undergoing many review processes.
UK GDPR Updates
Data Reform Bill – According to the UK Government, the Data Reform Bill will use Brexit as leverage to create a data protection framework ‘that reduces burdens on businesses, boosts the economy, helps scientists to innovate and improves the lives of people in the UK’. This means that the government hopes to increase our competitiveness as a nation by removing some of the data compliance burdens and also intends to modernise the ICO by introducing new smart data sharing schemes.
New Google Analytics Compliance – Google is managed under US regulations which in the eyes of the EU directorate can seem more relaxed in terms of controlling privacy. This means that the directorate has raised concerns that our data is not being captured and protected sufficiently, according to EU GDPR requirements. Whilst UK GDPR is now independent of EU GDPR and therefore no longer legally bound to EU GDPR ruling, taking an independent approach to the US could place the UK in a tricky position when considering data privacy issues and how information is both gathered, utilised and destroyed. This challenge is currently in debate with UK government representatives.
Protection of data in terms of AI – The EU are currently drawing up new regulation with regards to data and AI technology, which could also be adopted by UK GDPR. Their approach is based on four levels of risks – “Unacceptable risk AI: Harmful uses of AI that contravene EU values. High-risk AI: AI systems that are creating adverse impact on people’s safety or their fundamental rights. Limited risk AI: Some AI systems will be subject to a limited set of obligations. Minimal risk AI systems that can be developed and used in the EU without additional legal obligations than existing legislation”.
Are your business data information systems adequately protected? At Crendon Insurance we provide UK GDPR data protection insurance to companies who regularly manage and store customer data. If you are operating a CRM or customer accounts databases which includes private business information such as names, telephone numbers, email addresses and business addresses, then it is urgent that you check that your business is covered. Failure to do so could result in a hefty fine from the ICO should your IT system fall victim to a cyber security crime. To find out more about protecting your business through UK GDPR insurance and cyber security insurance, please contact us.
Blogs used to write this article: