Summer seems to have arrived a little early but before we get too carried away thinking the sun is here to stay let’s have a look back at our top data protection news from a busy first quarter of 2025.
1. Firstly the Data (Use and Access) Bill continues to make progress and is expected to pass in April or May 2025. Linked to this, the European Commission is proposing to extend the EU-UK data adequacy decisions by six months to 27 December 2025 so they can assess the impact of the final form of the DUA Bill before making a decision.
2. The EU-US Data Privacy Framework has remained a regular topic of discussion this quarter and its validity seems to come into question more as each day passes due to the political landscape in the US. The failure of the EU-US DPF would likely put great pressure on the UK to follow suit in relation to the UK-US Data Bridge which is an extension of the DPF.
3. We have had a rare High Court ruling relating to what amounts to personal data in the context of subject access requests. You can read our article here.
4. The ICO has issued new guidance on protecting employee records and anonymisation and pseudonymisation.
5. Finally, the ICO has rarely issued UK GDPR fines in the last few years but even rarer, on 27 March 2025, the ICO confirmed its decision to issue a £3.07m fine to a processor! The processor in question, a subsidiary of Advanced Software Group Ltd, provided its software to the NHS and when it suffered a ransomware attack in 2022 it impacted front line healthcare services. As if that wasn’t enough to bring it to the ICO’s attention, the attack occurred because of some basic security failings including: multi-factor authentication gaps, issues with patch management and poor vulnerability scanning (aka inappropriate technical and organisational measures in clear breach of the UK GDPR).
Data protection law and best practice is ever changing so we can expect more top news next quarter.
Disclaimer
This information is intended for general informational purposes only and does not constitute legal advice. We recommend seeking professional advice before taking any action on the information provided. If you would like to discuss your specific circumstances, please feel free to contact us on 0800 2800 421.
