GDPR in Financial Services - 2022 Regulatory Hotspots
06 April 2022
Rhiannon Webster, Jake Green and Shehana Cameron-Perera presented GDPR in Financial Services: 2022 Regulatory Hotspots on 30 March 2022.
During the webinar our speakers looked at three key topics which impact financial services organisations: the consequences of Brexit on data protection compliance; international transfers post Schrems II discussing the practicalities of approaching your data remediation projects; and managing data breaches in practice.
Key takeaways
- The UK's DCMS Consultation on the future of UK data protection law and the Brexit Freedoms Bill have the potential to change the UK data protection regime. For global organisations who are also caught by the EU GDPR, this will likely mean deferring to the "higher" standard rather than implementing two different data protection regimes.
- Whilst the new Trans-Atlantic Privacy Framework sounds promising, we caution against waiting for this to come into force and relying on it as your data transfer mechanism for transfers of personal data from the EU to the UK. Instead we advise proceeding with your remediation projects because the clock is ticking. For EU transfers, you are required to repaper existing contracts and incorporate new EU SCCs by 27 December 2022 and for UK transfers, existing contracts should be repapered to incorporate the UK IDTA/Addendum by 21 March 2024. With this in mind, develop your strategy for categorisation and prioritisation of transfers.
- In a world of expanding volumes of data and increasing numbers of cyber attacks, "breach readiness" is a key compliance action for most organisations. Review and update your breach response procedure , assemble your breach team and stress test your response.
A recording of the session and the webinar slides are available below.
Ashurst are here to support you on all stages of your data transfer compliance/remediation projects and we have included our offering placemat which should provide further details.
Please do reach out to the speakers or your normal Ashurst contact if you require any further information on the topics discussed.
The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.