Are UK data protection laws about to change?
The Queen’s Speech earlier this month included introducing a Data Reform Bill, the purpose of which includes
- creating ‘a new pro-growth and trusted UK data protection framework that reduces burdens on businesses…’
- increase industry participation in Smart Data Schemes, which will give small businesses and individuals greater control of their personal data
- ensuring the ICO (Information Commissioner’s Office) has ‘the capabilities and powers to take stronger action against organisations who breach data protection laws’
Reforms are expected to draw upon the Department for Culture, Media and Sport’s (DCMS) public consultation which concluded last November.
Will UK organisations welcome the prospect of new data protection laws?
At the DIGIT Data Protection Summit in Edinburgh back on 24th March, Lee Pope, from the DCMS Data Policy and Governance Team, spoke as a panel member about reforming data protection laws. The discussion Chair asked the audience of Scottish business leaders and professionals to raise a hand if they anticipated benefits as a result, and not a single hand was raised.
Support for Scottish businesses?
While we wait to find out more about the changes proposed, on a more positive note, in Cardiff at the National Cyber Security Centre’s (NCSC) conference (CYBERUK2022) this month, there was a warmer audience response to the increase in new free resources available to help support and protect UK businesses from cyber-attacks and comply with security obligations under data protection laws.
Jude McCorry, Chief Executive of the Scottish Business Resilience Centre (SBRC) mentioned the resources developed and made available by the Scottish Government to help organisations prepare for an incident response in the event of a cyber incident, as well as the SBRC’s helpline for organisations in the event of a cyber-attack.
Additional challenges for schools – but new free resources
During a panel discussion chaired by Paul Maddinson, Director of the NCSC, it was mentioned how the education sector in particular gets badly hit by ransomware. Nelson Ody from RM plc, a group of businesses whose services include providing software systems and infrastructure to UK schools, colleges, universities and examination bodies, shared his view that problems were rife in the sector as often its systems are built to facilitate information sharing, with another obstacle being that schools have so much on their plate, with limited resources and 40% of head teachers not recognising cyber-security risk. From his perspective, ‘when you present as a soft target, you’re more likely to get attacked’.
Launch of free Web Check and Mail Check services from the NCSC to help protect schools from cyber-attacks was welcomed. This adds to the practical resources specifically for schools which were already available free from the NSCC. These include the NCSC’s Ten Steps to Cyber Security, useful whether a school’s IT is procured externally or managed internally. A Cyber Security Training Package specifically for school staff is in the pipeline, designed for delivery by school staff to school staff. NCSC also plan to produce guidance for governors and senior leaders on how to make sure cyber security is on the school’s agenda.
If you have any questions on any of the issues mentioned in the above article, please contact Sean Morris.