1. DPO's role in AI Governance solidifies
As AI relies heavily on quality data, DPOs are crucial in helping organisations understand and utilise their data effectively. Given the overlap between data protection and AI governance, DPOs are increasingly managing AI compliance and governance. Both roles require the ability to coordinate cross-functional teams and adapt to evolving challenges.
2. Increased focus on Privacy by Design and Privacy-Enhancing technologies
With the growing need for data in AI, protecting that data and transforming it into privacy-enhancing or anonymised formats becomes essential. These tools enable organisations to benefit from their data while maintaining privacy. Privacy by design, a principle-based approach, will lead organisations to review their processing activities in depth, reducing risk and improving compliance management.
3. GDPR compliance frameworks updated for emerging digital regulations
Europe's digital regulations are complex and extensive. Privacy frameworks derived from the GDPR provide a solid foundation for building comprehensive compliance frameworks. These frameworks will be updated to accommodate new compliance requirements.
4. Shift in attitudes toward compliance as fines and consumer awareness increase
Numerous headlines about fines appeared in 2024. Regulatory bodies, like the DPC, have ramped up their complaint and breach management efforts, putting more pressure on organisations. As consumer awareness grows, driven by global discussions on data privacy, we will see increased attention to data protection compliance.
5. International transfers under scrutiny amid challenges to the EU-US Data Privacy Framework
International discussions will lead to greater scrutiny of data transfers. Recent findings by the CJEU (Court of Justice of the European Union) could significantly impact international data transfers, prompting organisations to reassess their practices.
6. Rising consumer awareness of data subject rights leading to more non-material damage cases
In Ireland, damages have been awarded for GDPR non-compliance. While this hasn't yet led to a surge in claims, increased awareness will empower data subjects to hold controllers accountable. Organisations may shift their focus from regulators to data subjects.
7. Increase in cookie consent enforcement
Cookies, often invasive and disruptive, are under scrutiny. The DPC's review of cookie compliance five years ago highlighted widespread non-compliance. Combined with the European Data Protection Board (EDPB) Cookie Banner Task Force and increased action by groups such as NOYB, we can expect enforcement actions as organisations have had time to implement recommendations.
8. Proactive approach to processor compliance and due diligence
As privacy programmes mature, organisations will focus on the entire data lifecycle, including third-party processors. The EDPB's opinion on data processors and sub-processors underscores the need for controllers to ensure compliance throughout the data value chain. This will likely lead to more queries and demands from controllers to processors.
9. Boards seeking greater assurance on data protection compliance and risks
With GDPR in effect for seven years, boards are increasingly concerned about data protection risks beyond compliance. This will drive a demand for assurance through audits and certifications, which are rapidly maturing.
10. Greater focus on transparency with practical notices
To empower data subjects, organisations must provide clear and practical transparency notices. Moving away from legalistic, lengthy and obscure notices to more informative ones will enhance transparency and build trust with data subjects.
Our Data Privacy experts recognise that compliance is pivotal to your business's strategic priorities. We specialise in helping our clients navigate the complex regulatory landscape, working closely with them to identify regulatory responsibilities and develop strategies to ensure full compliance.
Artificial intelligence (AI) is rapidly becoming an integral part of business operations and daily life. Yet, many organisations struggle to fully grasp its potential, risks and limitations.
This article delves into the main components of the application form, highlighting the key areas that applicants must address to gain authorisation.
Providing an independent perspective to help boards identify improvements and reach their full potential.
Forvis Mazars supports you in achieving and maintaining data protection & privacy compliance.
Forvis Mazars provides outsourced data protection officer (DPO) services to organisations that do not wish to directly employ a DPO
Tailored solutions for assurance and value creation in a changing world