close
close

GDPR Day 2024: a look at past, present and future developments in the UK

Posted on by darion

May 25 marked six years since the entry into force of the General Data Protection Regulation.

Since its implementation, GDPR has been recognized globally as the gold standard in data protection legislation. The implementation of the GDPR signaled the European Union’s strong position on privacy and data security, which is reflected in high penalties imposed on entrepreneurs who violate GDPR standards. The GDPR has been retained in UK domestic law as the UK GDPR, which is consistent with the Data Protection Act 2018.

In this article, we look at the most important recent changes to data protection law and look ahead to the changes that will impact UK employers in the coming years.

  • EU Act on Artificial Intelligence – The EU Law on Artificial Intelligence (the “Artificial Intelligence Law”) was approved by the European Parliament on 13 March 2024 and will be the world’s first comprehensive law regulating artificial intelligence. The Artificial Intelligence Act imposes high penalties (almost twice as high as those provided for in the GDPR) and will have extraterritorial scope, meaning that multinational companies, even if they are not based in the EU, may still be subject to the Artificial Intelligence Act. Read our more detailed analysis of the Artificial Intelligence Act here.
  • UK Artificial Intelligence Regulation – unlike the EU approach, the UK has adopted a more “innovative” approach, introducing regulations and guidelines for specific sectors. There are some rumors of potential regulation in this area, including a draft bill that seeks to regulate artificial intelligence in employment and create a central authority for artificial intelligence in the UK. Read more about it here.
  • Potential departure from UK GDPR – post-Brexit, the UK government has proposed new rules to simplify the UK data protection framework, reducing the compliance burden on organizations. The Data Protection and Digital Information Protection Bill is still pending in the House of Lords in the UK. Read our more detailed analysis of the bill here.
  • More ICO tips – as technology and law progress, we can expect more guidance to be published by the UK Information Commissioner. The ICO published its guidance on artificial intelligence in the workplace in March 2023.
  • European Commission GDPR review – we expect the European Commission to publish its review of the EU GDPR in 2024.
  • Areas of regulatory concern – as part of its strategic plans, the ICO has committed to focus its attention on the use of artificial intelligence in recruitment and compliance with data protection rules in the financial services industry.
  • The Labor Government and policy change – it remains to be seen whether we will have a Labor government at the end of this year or early next year and what a Labor government will do in relation to data protection legislation. Early indications are that Labor may be more willing to regulate AI in the UK than the current Conservative government.