Welcome to Data Protection Newsletter- September edition

Welcome to our September newsletter, covering 4 major news: the impact of data protection laws on organisations, a study by the ICO on GDPR, new cold calling rules in the UAE, Instagram’s teen privacy updates, and a ransomware attack affecting NHS services. These topics highlight the importance of staying compliant with changing regulations. ?

1. Understanding the Impact of Data Protection Legislation In Organisations

A recent study by the Information Commissioner’s Office (ICO) on the effects of data protection laws, especially the UK General Data Protection Regulation (GDPR), on organisations. The study used surveys and interviews to gather insights from data controllers across different sectors, revealing the?challenges and benefits of complying with these laws.?The ICO aimed to understand how data protection legislation impacts day-to-day operations.??

?

??Key Findings

• Data processing practices vary widely depending on the size and type of organisation. While some view data protection as a burden, others see it as an opportunity to improve customer trust and streamline processes.?
• The study also addresses the costs of compliance and emphasises the importance of seeking guidance from various sources.?

My latest article provides valuable lessons for organisations, encouraging them to see compliance as a chance to enhance their operations and build stronger customer relationships.

Read FULL ARTICLE for detailed insights.

2. How UAE Cold Callers Capture Your Data – And What Organisations Can Do About It?

New regulations that came into effect on 27 August 2024, in the UAE, aimed at curbing the nuisance of cold calling. These rules are designed to protect residents from unsolicited marketing calls, but they also raise important questions about how cold callers access your?personal data.?They often obtain data by purchasing it from third-party brokers, who gather information from various sources like online forms and social media. With weaker data protection regulations in the GCC region, these practices have been easier to carry out.?

?

??Key Lessons

• The new rules will impose restrictions on telemarketing, including designated calling hours, required approvals, and restrictions on repeated calls.?
• For businesses, non-compliance could result in heavy fines or even the loss of their operating license. To stay compliant, organisations should review their data collection practices, train their staff in the new rules, conduct regular audits, and consider shifting to permission-based marketing strategies.?
• On an individual level, residents can take steps to protect their data, such as registering for the UAE’s Do Not Call Registry and being cautious about sharing personal information.? This highlights the need for a cultural shift in marketing practices towards greater respect for consumer preferences.?

Read more data protection articles related to GCC regions.

??Spotlight on Recent News & Updates

3. Instagram Enhances Teen Privacy with New Features

Instagram is introducing fresh privacy tools aimed at protecting its younger users. The updates will be rolled out in the US, UK, Australia, and Canada first, with plans to expand to the EU by 2025. Lawmakers have been calling for stronger online protections, particularly with concerns over the impact of social media on teen mental health, and Instagram is responding with these changes.?

??Key Points?

For Under 18:

• Accounts will automatically be set to private, blocking strangers from sending direct messages.
• A "Sleep Mode" feature will mute notifications from 10 PM to 7 AM, encouraging teens to disconnect at night.
• Teens will receive age-appropriate recommendations and reminders to take breaks from the app.
• Parents will have more control over their child’s Instagram activity. They can set Sleep Mode hours and view who their teen has messaged (without reading the messages).

For Under 16:

• All the above rules apply.
• Additionally, teens under 16 will need parental permission to change specific settings, like making their accounts public.

There are still challenges around verifying user ages, but Instagram is working on AI-based technology to detect underage users by analysing behaviour and social interactions that could reveal their real age.

Learn more about Data Protection.

4. NHS?Services Hit by Ransomware, Software Provider Fined ￡6M?

Advanced Computer Software Group Ltd faces a provisional fine of ￡6.09 million following a ransomware attack that severely impacted NHS services and exposed the personal details of nearly 83,000 individuals. The hackers exploited a customer account without multi-factor authentication, revealing critical security failings.?

As a crucial IT supplier to the NHS, Advanced was responsible for safeguarding sensitive data, including medical records and information related to home care. Although there is no confirmation that the data has been sold or posted online, the breach caused major disruptions to patient services and brought serious flaws in their data protection strategies to light.?

Summary

• ICO Study on GDPR: Compliance can be challenging but also builds customer trust and streamlines operations.?

• UAE Cold Calling Rules: New restrictions require businesses to adjust telemarketing practices or face penalties.?

• Instagram Teen Privacy: New features protect younger users with stricter privacy settings and parental controls.?
• NHS Ransomware Attack: Highlights the need for stronger cybersecurity to protect sensitive data.?

Staying up to date with data protection laws is essential for organisations to avoid penalties and improve operations.??

Whether it’s GDPR compliance, adapting to new cold calling regulations, or enhancing cybersecurity, these changes present both challenges and opportunities for businesses to build trust and protect sensitive information.?

Stay informed and proactive in your data protection efforts. For further insights and support, feel free to submit your queries.

Until next time,?

Lynsey Hanson | Global Data Protection Officer