Photo of David Naylor

David Naylor

The UK’s Data Protection and Digital information (No 2) Bill (the Bill) would remove the need for many organisations to appoint a Data Protection Officer. Instead, there would be an obligation on (i) public sector bodies, and (ii) organisations whose processing of personal data is likely to result in a “high risk” to the rights and freedoms of individuals to appoint a “Senior Responsible Individual” (SRI). Although presented as a measure to reduce administrative burdens and compliance costs, the requirement could have the opposite effect, also creating a role that carries significant personal risk for anyone willing to take it on.
Continue Reading UK Data Protection Reform: who would want to be a “Senior Responsible Individual”?

On 8 March 2023 the UK government heralded its new Data Protection and Digital Information (No 2) Bill (the Bill) as a “new common-sense-led version of the EU’s GDPR” that would save the UK economy more than £4 billion over the next 10 years and ensure that privacy and data protection are securely protected”.

Background

On October 7, 2022, US President Joe Biden signed the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (the Executive Order), introducing new safeguards to protect the personal data shared between the EU and the US.

The Executive Order is the first tangible step towards a new transatlantic framework for personal data transfers, following the March 25, 2022, joint announcement by the European Commission president, Ursula von der Leyen, and US President Biden that they had reached an agreement in principle on a successor to the Privacy Shield.

While details of the actual content leaked over time, here is a summary of what the Executive Order is providing, but, more importantly, what the signature of the order means, not only for those who will be able to certify to the revised Privacy Shield, but also for all others.
Continue Reading We Have an EO, but Not (Yet) a New Transfer Mechanism