A review of the Data Practioners’ Conference – what we learned27th May 2021
Earlier this month, the ICO’s Data Protection Practitioners’ Conference 2021 was held, a fabulously informative event, from which we have much news to share.
The event itself was attended by 3,000 data protection professionals from across the country (over Zoom, of course). It was just great to be back to a sense of normality, develop our professional knowledge, and share our thoughts and professional opinions with others.
The main headlines that arose from the day were…
The UK SCCs is to go out for consultation in the Summer
Interestingly, we heard how the ICO is working on bespoke UK standard contractual clauses (SCCs) for international data transfers.
ICO Deputy Commissioner Steve Wood spoke at the conference, saying, “I think we recognise that standard contractual clauses are one of the most heavily used transfer tools in the UK (not only are we going out for consultation in the Summer)… We’re also considering the value to the UK for us to recognise transfer tools from other countries . . .so that would include the EU’s standard contractual clauses as well.”
This is excellent news as, although a treaty is currently in place between the UK and the EU for personal data to flow freely, see our blog back in January, this is set to end in July 2021. Presently, if you transfer data from the EU into the UK, this isn’t a legal, legitimate transfer unless you have a SSC in place, so any revisions will undoubtedly be one to watch.
The positives that have arisen from a turbulent year
Many speakers on the day alluded to the challenging year that we have all faced.
Elizabeth Denham, UK Information Commissioner, succinctly said, “As a community, we’ve proven our resilience. And we’ve shown that pragmatism, coupled with a principles-based law, can adapt to the circumstances of the day. In the face of high stakes and high pressure, we have all raised our game.”
With the rise in Cyber Threats due to so many working from home, coupled with Brexit and various updates on codes of practice and guidance from the ICO, it is no wonder businesses question if they are fully compliant. At a time when it’s been hard to put personal worries such as the health of our loved ones to the side, it is fantastic to hear so much positivity from our industry.
A sensible approach to Data Protection; how it can be a balancing act
The Data Ethics seminar run by Ellis Parry, ICO Data Ethics Adviser, was particularly informative. Ellis spoke of how data ethics work as part of a consideration of the law and the role ethics can have in balancing the interests of society, including individuals, minority groups and data controllers.
To implement a balanced mix of personal data assets while ensuring that privacy, security, ethics, and compliance concerns are effectively managed is a massive task for any organisation to undertake. The ICO’s accountability framework can help organisations think about the risks around data processing and how to mitigate them, but as ever, getting the balance right can be complicated and is something we regularly tackle with our clients when we undertake our auditing service for our clients.
How to make Data Protection easy for SME’s
As an SME, everything you do should comply with UK GDPR / the UK Data Protection Act 2018 (which run alongside each other). Ensuring that you are maximising the use of your data, in a compliant way, can be the key to growing your business if you are an SME.
The Data Protection seminar, led by case officers whose day-to-day roles focus on supporting and advising SMEs on the ICO’s small business helpline was helpful. To access this service call our helpline on 0303 123 1113.
Alternatively, our SME services ensure your organisation is fully covered. We can provide GDPR help, data protection advice and conduct a GDPR audit, improving your knowledge and reviewing your data protection plans in order to provide complete peace of mind. Our services can be as in-depth as you need. We’ll save you time, stress and money, ensuring that there are no gaps in your legal compliance or data protection plans. [link]
Optimising the benefits of data sharing
GDPR insists that you map data flows and document what personal data you hold, where it came from, who you share it with and what you do with it. Your business must identify your lawful bases for processing and documenting data, as well as have systems in place to record and manage ongoing consent. You must be able to provide privacy information to all individuals, as well as recognise and respond to individuals’ requests to access their personal data. You should also have written agreements with all third-party service providers and processors too, to ensure that the personal data they access on your behalf is protected and secure.
At the conference, Phil Earl, Deputy Director at the Department for Digital, Culture, Media and Sport, said about the National Data Strategy, “We want the strategy to be setting a really high level of ambition for what we want to do – to position the UK as a global champion of data, driving the international flow of data across borders, but doing so in a way which continues to protect data to a high standard.”
With this in mind, we can only imagine that guidance and lawful procedures on data sharing can only become stricter in time.
If you would like further information or advice on your data protection practices, or you would like to arrange for training for yourself or your wider team, please do get in touch or take advantage of our 30-minute complimentary consultation session. Book your no-obligation consultation here.