The UK Information Commissioner set out the ICO’s plans for 2021. Some may not directly impact the recruitment sector, but it can be useful to be aware of the wider data protection landscape.
Plans they describe include:
Continuing to support organisations in COVID-19 related data protection matters. The ICO continues to update its data Protection and coronavirus advice on matters such as testing, data collection and contact tracing.
Innovation and improvements in data sharing between organisations, including adopting the guidance set out in its updated Data Sharing Code of Practice. As part of this, the ICO has also announced plans to update its guidance on anonymisation and pseudonymisation practices for personal data.
Supporting adoption of the recently introduced Age Appropriate Design Code, which sets statutory data privacy standards for online services likely to be accessed by children under aged under 18.
Continuing proactive investigations and audits, in particular in the areas of adtech and direct marketing data broking activities; and enforcements for non-compliant handling of direct marketing data.
The ICO’s focus may evolve in other areas as the year progresses. In the meantime, we see spot-check audits and some enforcement activities that the regulator temporarily paused or relaxed during COVID, starting to be resumed.
Global regulator focus
For a global round-up of regulator focus and developments globally, see this helpful blog summarising selected countries in Europe, Asia and South America. Themes include:
continuing proactive enforcement action;
security of special category and heath data;
data breach notification;
international data transfer; and
website cookie rules compliance.
Review your GDPR compliance in the areas being highlighted by regulators. Particularly where there may have been changes to the scope of scope your services, marketing activities, or geographies where you operate.
Contact our helpline for further information or guidance about any of these areas of data protection.