Friday the 28th of January is world data privacy day 2022. We look back on 2021 and give our top three privacy day predictions for 2022
Recap on data privacy in 2021
GDPR has been around for nearly four years now, however, this is the 16th time World Privacy Day has happened on this date. While the GDPR has been around for a while it is still very relevant in what we do every day.
Our GDPR survey 2022 reveals that 69% of respondents believe that GDPR is beneficial to individuals, 78% believe the risks related to non-compliance is increasing.
Download the full survey results GDPR survey 2022
The DPC recently announced that they received over 7,000 complaints in 2021, stark figures that demonstrate how prevalent GDPR is on the minds of the public!
The European Commission granted the UK a long-awaited Adequacy Decision, meaning we can continue to transfer data to our teams and partners based in the UK without having to put in additional steps.
The European Commission also created new Standard Contractual Clauses, which are to be used where we transfer data outside of the EEA and to a country without an adequacy decision.
The DPC issued some groundbreaking fines, one to WhatsApp for €225 million and notification to fine Facebook €65 million (this is likely to be increased following a review in Europe). Closer to home, the DPC recently issued a statement informing of a fine of the Teachers Council of Ireland of €60,000 in relation to a breach resulting from a phishing attack.
Data privacy focus 2022
Following a Joint Oireachtas Committee report, the DPC has moved from a position of advice and guidance to a position of enforcement, resulting in the increased likelihood of investigation and enforcement action.
In a webinar on the 19th of January deputy commissioners announced that they are undertaking a Record of Processing Activities (RoPA) sweep, this is something that should be front of mind at the moment for all Data Protection Officers, make sure yours is up to date.
International transfers of data will be a large area of focus in many organisations as we get to grips with the new agreements and requirements. Data transfer impact assessments are now required and are essential in ensuring that our fan, player, and staff data is protected no matter where it is. For more information on DTIAs check out our recent International data transfers webinar.
Will the ePrivacy Regulations be introduced? The Council wording on these regulations that will impact on marketing and communications activities has been approved by the Member States(Proposal for an ePrivacy Regulation), however, there is still a long road to enactment!
Our top 3 data privacy predictions for 2022
- We will see continued focus on enforcement relating to international transfers, some of which will stem from data subject queries and complaints
- Data protection culture will become a focal point for organisations as we continue to try and further embed compliance
- The first certification scheme will be approved and companies will be able to use this to demonstrate compliance, build trust and differentiate their organisations