As technology continues to advance at an exponential rate, the issues surrounding security and privacy of data have never been more critical. London Tech Week serves as a crucial platform for industry leaders and experts to converge, exploring cutting-edge threats, proactive solutions and ethical responsibilities in the ever-evolving landscape of data protection. Understanding the key issues and considerations and taking a proactive approach is vital for businesses navigating this complex environment. From a legal perspective, we outline below some essential aspects to consider.
Evolving legal landscape
The world of data protection and security has changed significantly in recent years to address growing concerns around data privacy and the need for organisations to build resilience in the face of increasing cyber threats.
The GDPR[1], which came into effect in May 2018, was designed to harmonise data privacy laws across Europe, protect the rights of EU citizens, and reshape the way organisations approach data privacy. It introduced stricter requirements for obtaining consent, increased transparency and enhanced rights for individuals to access and control their personal data. Whilst the GDPR is the “gold standard” for compliance, privacy law is on the increase globally as other countries bring in legislation which tries to emulate it. In addition, the Digital Operational Resilience Act (DORA)[2] entered into force in January 2023 with the aim of establishing a framework for the financial sector to ensure operational resilience, cyber security and the protection of personal data. Failure to comply with these regulations can result in hefty fines, claims from individuals and considerable reputational damage.
These legislative developments highlight how important it is for businesses to remain agile and adaptable as the legal landscape evolves in response to the growing complexities and challenges surrounding data security and privacy, as technologies advance and threats continue to emerge.
Evolving threats
With the widespread adoption of cloud computing, artificial intelligence and the Internet of Things, the potential attack surface for cybercriminals has grown remarkably. Emerging threats such as deepfakes, AI-driven attacks and sophisticated ransomware are rapidly becoming more elaborate, forcing businesses to bolster their cyber security strategies and invest in innovative solutions to protect themselves from attacks.
Article 32 of the GDPR emphasises the importance of implementing "appropriate technical and organisational measures" to ensure the ongoing security of personal data. Therefore, as the threat landscape evolves, so too must the measures taken by businesses to protect the data they hold. The bar for what is considered "appropriate" will continue to be raised, and technology will inevitably play a huge role in equipping organisations with the necessary tools and capabilities to meet these elevated standards.
Increasing pressure from regulators
The data protection regulator in the UK, the Information Commissioner's Office (ICO), recently revealed that over 3,000 cyber breaches were reported in 2023, with the finance (22%), retail (18%) and education (11%) sectors reporting the most incidents. The ICO issued a report focusing on five leading causes of cyber security breaches, including phishing, brute force attacks, denial of service, errors and supply chain attacks.
Accordingly, the ICO and National Cyber Security Centre (NCSC) have called for all organisations to boost their cyber security and protect the personal information they hold. Stephen Bonner, the ICO’s Deputy Commissioner, highlighted the importance of prioritising cyber security in a recent statement: “While there is no single solution to prevent cyber attacks, there is absolutely no excuse for not having the foundational controls in place. These are essential to protecting people’s personal information and we will take action, including fines, against organisations that are still not taking simple steps to secure their systems.”
Conclusion
London Tech Week underscores the importance of addressing the security and safeguarding of data, as technology continues to evolve alongside the sophistication of cyber threats and attacks. At the heart of this, collaboration and knowledge-sharing will be essential in shaping a future where data security and accessibility coexist harmoniously.
From a legal perspective, it has now been six years since the GDPR came into force; businesses are now expected to know about the GDPR and to take compliance seriously. However, as well as navigating the complex regulatory landscape around data protection and security, it is crucial for businesses to keep abreast of emerging trends and to be proactive in adopting innovative solutions to protect sensitive information and stay ahead of emerging threats. Embracing and leveraging new technologies will be a key part of this for businesses, to maintain a competitive edge and move towards the goal of ensuring a secure digital future.
Please get in touch with Eddie Powell or Michelle Levicki if you have any questions or concerns about any topics in this article and would like to discuss further.