A lot has happened during the last year. Covid-19 has made us look at how to build health testing and home-working into everyday routines. The Schrems II decision shook up our approach to international data transfers. The UK ICO published two new statutory codes – an Age Appropriate Design Code and a Data Sharing Code. Agreement on Brexit was saved to the last minute, so we were not sure about 2021 data transfers until we were eating our Christmas turkey the week before.
These developments have changed the risk profile of many data processing activities, prompting the need to review existing DPIAs, and the procedures for conducting DPIAs. This article considers the impact of these developments, and offers some practical guidance on how to review and update DPIA procedures in light of them.
Olivia Whitcroft, principal of OBEP, 23 April 2021
This article provides general information on the subject matter and is not intended to be relied upon as legal advice. If you would like to discuss this topic, please contact Olivia Whitcroft using the contact details set out here: Contact Details