The Latest Data Protection & Cyber Security News – March 2024

Hear from our hosts, Phil, Joe and Jasmine, and the wider community about their thoughts on recent data breaches and developments with the DPDI bill.


In March’s series of the Data Protection Made Easy podcast, we assessed the concerns surrounding the DPDI bill and the data breaches that occurred in the past week. Discover the key takeaways from our podcasts below.

DPDI Bill, Data Breaches & Difficulties Facing Businesses: Our Industry Opinion for March

Episode 160 & 162: GDPR Radio  

Our hosts started this month by reviewing the latest data protection news in the UK and further afield. In our first episode, we looked at the Information Commissioner’s Office’s (ICO) recent £350,000 data breach fine for the Ministry of Defence (MOD), which accidentally disclosed 265 unique email addresses.

We moved on to concerns about artificial intelligence (AI) and its impact on workplace privacy, such as data collection. For more insight, our blog on AI threats unearths the most significant worries of today and the future. We also touched on privacy policies, insider trading and whether WhatsApp usage falls under the scope of an employee subject access request (SAR).

In part two of GDPR Radio, we updated our community on more high-profile ICO fines and recent breaches that made the headlines. As breaches increase, we recommend that all organisations review their current data controls, policies, and procedures. Follow our GDPR audit checklist to learn how you can start preparing. 

After this, we analysed the Data Protection and Digital Information (DPDI) bill, which has sparked concern across the sector. We outlined vital changes in the bill, the controversies and a broader discussion of its impact on the future of UK data protection. For a deeper insight, head to episode 163, which invited the thoughts of our subscribers. 

Listen to GDPR Radio episode 160 and episode 162 on all popular streaming platforms. 

Episode 161: The Big and the Small of It 

The UK GDPR impacts businesses of all shapes, sizes and sectors. For small businesses, barriers to GDPR compliance include limited resources and a general need for more knowledge. While it may seem that the UK GDPR only becomes a legal requirement as you grow bigger, it is, in fact, essential from the moment you collect, process or store personal data.

This means that even if you’re a start-up with a small database of customer data, you’re still required to meet data protection regulations. The risk for non-compliance? Fines of up to £17.5 million. 

In episode 161, we offered practical advice for maintaining data privacy even with little to no resources. We also highlighted other best practices for larger organisations, advising everyone to start their journey to GDPR compliance now, before it is too late.

Want to hear our tips? Listen in to episode 161 now. 

Episode 163: Bashing the Bill – Our Thoughts on the DPDI Bill 

If the DPDI bill isn’t on your mind, it will be soon. Episode 163 was the busiest open discussion of 2024, with over 150 live participants analysing its impact. 

The consensus was that the DPDI bill benefits business owners – but not their customers – as there is less obligation to protect personal information. Here’s a full breakdown of other critical points discussed:

  • Reduced access to personal data: Previously, organisations could deny a SAR if it was “manifestly unfounded or excessive”. The DPDI bill changes this to “vexatious (no legal basis) or excessive”, creating a lower threshold for organisations to deny access to stored data.
  • Impact on individual rights: The digital rights group ORG argues that SARs are crucial for individuals to uncover why organisations are using their data. Reduced access makes it harder to challenge potentially unfair decisions based on automated systems.
  • Surveillance concerns: The DPDI bill allows for broader data reuse under “national security” or “crime prevention.” These unclear limitations raise shared concerns about increased surveillance.
  • Government vs. industry watchdog: The bill grants governmental control over the ICO, which may limit the ICO’s ability to hold companies accountable for personal data breaches or mishandling. 

Listen to episode 163 to hear more from our experts and the wider community. 

Have a question about the DPDI Bill? Subscribe to the Data Protection Made Easy podcast and tune in for more developments around this bill. 

Subscribe to Data Protection Made Easy Today

Next month, we invite a guest speaker from Google, Rebecca Balebako, to discuss how you can bridge the gap between privacy governance and IT/engineering teams for successful data compliance. 

Hear from Rebecca on Friday, April 5th, on Spotify, Apple, Deezer, or directly in our Resource Centre.