As we celebrate a new year, many HR/legal professionals will be thinking of areas that might need a bit of a refresh, and data privacy may be one of those.
When was the last time you looked at your privacy policies? If the answer is more than a year or two ago (or, if you haven’t got round to GDPR implementation), it might be a good idea to blow off the cobwebs and do a health check on your privacy documentation – especially as it is Data Privacy Day on 28 January!
There have been a number of developments over the last few years, following which employers might want to amend their policies:
- Changes in the workplace - working life has changed a lot over the past few years. The pandemic has accelerated the pace of change of the workplace – whether that change is an increase (or decrease) in remote working, changes in how employers use data or developments in technology including monitoring tech, data-sharing platforms, or artificial intelligence. Alongside the risks posed by data breaches and the need for robust cybersecurity, compliance with data privacy law is essential for all employers.
- Privacy Shield invalidated - in July 2020 the Privacy Shield mechanism, which many older privacy notices refer to, was held to be an invalid mechanism of data transfer.
- UK adequacy decision - in 2021, the EU deemed the UK’s post-Brexit data privacy regime (the UK legislation, which effectively implemented GDPR) to have 'adequacy' – meaning that the UK regime provides an ‘essentially equivalent’ level of protection to that which exists within the EU.
What’s on the cards for 2023 and beyond?
In 2023, we expect to see movement in the data privacy space.
- New UK legislation - the UK is considering amending its data privacy regime to make it easier for employers to comply with its requirements. When the UK’s data privacy regime was granted adequacy status (see above), the European Commission made clear that this could be revoked if UK law was to change to decrease the level of protection of individuals’ privacy. While the Government scrapped its proposed changes in September last year, it is expected that any new legislation introduced will follow the same principles.
- New AI legislation - both the EU and the UK are considering putting in place new legislation to regulate the use of AI, which could have consequences for employers, where the use of AI is increasing.
We recommend that organisations conduct a health check to ensure that they are complying with their current data privacy obligations and look out for developments in this space.
If you would like further information on your privacy or to request a copy of our GDPR checklist, please contact Deborah Margolis.