Webinar recording: Data protection legislation – is your organisation compliant?
In our latest Moore ClearComm webinar, expert panel Richard Jackson and Meagan Mirza considered a range of fundamental concerns and issues that may cause you to question your organisation’s compliance and commitment to data privacy, and whether a review of your practices might be long overdue.
Since the EU (now UK) GDPR came into force in May 2018, UK-based organisations remain in varying states of legislative compliance, comprehension, and commitment to data protection and privacy best practice.
Supporting Comments
During the webinar, the team focused attention in the pending UK Data Protection and Digital Information Bill. Within hours of the conclusion of the webinar, the Prime Minister announced that the King had granted a request for dissolution of Parliament, and that a General Election will be held on 4 July. Subsequently, the thoughts of data protection professionals inevitably turned to the question of what would happen with the UK Data Protection and Digital Information Bill.
As of May 24th, there has been strong indication from opposition peers that the Bill has now “failed”. It will now have to be seen whether the next administration has the interest to revive the Bill in something like its current form.
Should Rishi Sunak be Prime Minister of the next government, it would seem quite likely the Bill would be swiftly resurrected. Should, instead, a Labour government assume power, it is probably unlikely that an identical data protection bill would be high on its agenda, but legal news outlets report that Labour might look to introduce a “digital bill in the autumn on entirely different lines” which would include legislation on Artificial Intelligence.
Should you have any questions in the meantime, please don`t hesitate to contact Rich direct: richard.jackson@mooreclear.com
Unanswered question from the session – Can I ask about gathering EDI (Equality and Diversity Information) from users?
Equal opportunities monitoring can enable organisations to commit to and/or demonstrate how they promote equality of opportunity whether internally with staff or externally with the service users/stakeholders/clients they engage with. This will potentially mean that personal data is being processed (unless it is anonymised) and it will also be special category data (ie health, ethnicity data) which is afforded a higher level of protection under the UK GDPR and Data Protection Act 2018.
This means that organisations will need to have a legal basis to process this type of personal data but will also need to ensure that they meet the condition/s required in terms of special category data. Organisations could rely on explicit consent for this processing but there are provisions within the legislation to allow you to process for the purpose of equality of opportunity which are set out at Schedule 1 Part 2 para 8 (equality of opportunity). This applies when the Organisation needs to process special category data for the purposes of monitoring equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained.
An organisation processing special category data will need to ensure that all the required safeguards are in place as well such as, in some cases, having an Appropriate Policy Document in place and ensuring that Privacy Notice/s cover this type of processing.