Looking back over 2022, HewardMills has continued to consistently set the standard on data protection and privacy, championing best practice and working hand in hand with our global clients to identify and address data protection and privacy gaps.
Over the course of the year, we have seen data privacy and protection hit the headlines with increasing frequency, with a number of well-known brands failing to comply with regulations and data breaches on the rise, highlighting the need for organisations to have comprehensive data protection programmes in place to mitigate such compliance risks.
We supported clients by giving practical compliance tips in relation to the Google and Facebook fines by the French Data Protection Authority (CNIL) and shared guidance on how best to kick off a privacy compliance project.
We also highlighted Clearview AI, who were handed the highest ever fine by the Greek Data Protection Authority for collecting information from publicly available sources and then selling it on to private companies and law enforcement agencies around the world.
A heightened risk of cyberattacks was driven by the outbreak of war in Ukraine in February, and greater awareness of cybersecurity and stricter regulations for organisations in the event of an attack impacting multiple jurisdictions have become a key theme for the year, with continued importance as we move into 2023.
Accordingly, we shared some valuable steps on how best to protect your data.
Following on from that, just last month, the National Cyber Security Centre (NCSC) announced the scanning of all internet accessible systems hosted in the UK for vulnerabilities that could potentially have a high-risk impact.
Standard Contractual Clauses
We guided clients through the standard contractual clauses (SCCs) which are being updated under the GDPR (General Data Protection Regulation) and which come into force for the UK on 21st March 2024.
Children’s Privacy Rights
Last year, we anticipated there would be increased regulation on the use of children’s data in 2022, and during the course of this year there have been further updates to the US Children’s Privacy laws.
To further assist organisations processing children’s data in a compliant manner, we also compiled a list of key recommendations.
Women’s Privacy Rights
Following a ruling by the U.S. Supreme Court in the case Roe v. Wade, millions of Americans lost their right to have an abortion back in the summer.
In protesting this decision, we informed you of Google’s announcement to change its approach in collecting data in the USA to support women’s privacy. In light of this, we also advised you to revisit your phone settings to ensure no personal data was being accessed involuntarily.
DE&I and Internal Initiatives
If you are a business like HewardMills that champions data dignity and diversity by design, here were some tips we shared on creating a diverse workplace in your organisation.
We were also immensely proud to announce last month that HewardMills is now B Corp Certified!
After a rigorous and comprehensive evaluation, we officially now belong to a community of businesses that are verified to high standards of social and environmental performance, transparency and accountability. Together, we are stronger and will continue to grow!
Looking ahead to 2023, we expect to see developments and heightened focus on the following areas:
- DPO appointments in the EU, as a result of the recently announced European Data Protection Board (EDPB) coordinated enforcement action,
- The use of cloud-based productivity products like Microsoft 365, following a report by a German working group,
- State privacy laws in the United States, led by California’s enforcement of its new California Privacy Rights Act (CPRA) rules and new laws in Virginia, Colorado, and Connecticut, and
- Data transfers to the US in light of the upcoming EU-US Data Privacy Framework.