The long-term effects of the Covid pandemic are proving a major headache for UK data protection officers, as they attempt to keep their organisations on the right side of the law following an unprecedented 18 months.
That is the key finding of the latest UK Data Protection Index, a study carried out by the DPO Centre and the Data Protection World Forum (DPWF) which surveys an extensive panel of more than 400 UK DPOs.
The report reveals that the old chestnut of data retention is now the top concern keeping DPOs awake at night, followed by international data transfers, and accountability and demonstrating compliance.
The report highlights that data retention concerns are likely to be linked to the Covid-19 pandemic and uncertainty as to whether employees are retaining data on personal devices or making additional paper copies of data, which have become far more difficult to monitor when working from home.
Covid is also cited as the reason why DPOs’ perception of the importance of complying with privacy and data protection laws is now at its highest level since the Data Protection Index started a year ago. Almost four in ten DPOs (39%) said this had significantly increased, compared with just 21% in July 2020.
However, the majority of DPOs have seen a quarter-on-quarter decline in data subject access requests (DSARs) received over the past 30 days. The average number fell to 13.37, down from 16.07 in the last quarter, and well below the 18.04 recorded in November 2020. But this latest figure remains ahead of the average 11 requests recorded in July 2020.
There has also been a jump in confidence regarding the effectiveness of the Information Commissioner’s Office, with half of respondents giving a score of 8 or more out of 10, up from 38% in March 2021.
DPO Centre chief executive Rob Masson said: “It has been a roller-coaster of a year for the privacy and data protection industry. Organisations in the UK are now subjected to more privacy regulations and complexity than they ever have been. The lasting impact of Covid and the new array of regulations post-Brexit and the Schrems II decision, means companies are grappling with their data responsibilities.”
But where international data transfers are concerned, DPOs have shown slightly more optimism around the relaxation of personal data transfer restrictions with other countries following the adoption of an adequacy agreement with the EU.
In addition, DPOs do expect the UK and US to strike an agreement to allow for the free movement of personal data between the two countries within the next three years.
Masson added: “Going forwards, the UK has an opportunity to create a strong data infrastructure with a high level of regulatory compliance, alongside developing a data-literate workforce, and increasing the number of people with advanced data skills. The data economy is integral to the UK’s growth and future prosperity.”
DPN guide aims to tackle thorny issue of data retention
The only way is ethics: Brands urged to sign data pledge
CMOs embrace data ethics but firms need to catch up
Brands urged to ‘do the right thing’ over data privacy
Data fears dominate in fresh call for adtech crackdown
DMA chief issues rallying cry for industry to change