The Easylife fine shows how some companies may be engaged in profiling without realising. The decision reminds us of the dangers of carelessly processing health data and demonstrates the important interaction between the GDPR and direct marketing laws.
At the Conservative Party Conference 2022 on Monday, newly-appointed Secretary of State for Digital, Culture, Media and Sport (DCMS) Michelle Donelan said the General Data Protection Regulation (GDPR) was “limiting the potential of our businesses”.
The government claims its “innovation-friendly and flexible” plans for AI regulation could help businesses avoid the “uncertainty that comes with regulatory compliance”. But could lighter touch regulation increase risks for UK businesses and individuals alike?
The transfer impact assessment (TIA) might be among the most demanding of the GDPR’s requirements. Assessing the surveillance regime of a third country can be a daunting task even for an experienced legal department—not to mention the thousands of SMEs engaged in international data transfers.
Four years on from the entry into force of the GDPR and the privacy landscape is still as complex as ever. The past 12 months have continued to be wrought with action and a heightened sense of privacy awareness. Developments in the Schrems II case and the privacy implications of the Coronavirus have highlighted a new level of compliance considerations for organisations to navigate.