3 key considerations for responsible AI adoption in social housing
We explore the sector’s digital shift, from predictive repairs and income management to tenant engagement and the governance needed for responsible AI use.
Data Protection Day 2024 — How your business can keep up with evolving regulations
AuthorsEleanore Beard
3 min read
Commercial & Contracts, Technology, Media & Telecoms, Regulatory & Professional Conduct, Data Protection
Every year, 28 January marks Data Protection Day. Intended to raise awareness of consumer rights under data protection and privacy legislation, Data Protection Day also serves as a reminder for organisations to assess and prioritise their data security and internal practices to ensure regulatory compliance and build trust with customers.
Here, Senior Associate and data protection law expert Eleanore Beard explains how the data protection landscape has changed and what businesses need to do to stay on top.
How has data protection evolved?
Recent years have seen the data protection landscape continually evolve, with the introduction of regulations like the General Data Protection Regulation (GDPR) and various privacy laws globally, including (post-Brexit) the UK GDPR.
These regulations now set minimum standards for the collection, processing and storage of personal data — empowering individuals to have greater control over their information.
Last year, things developed further. In July 2023, the EU adopted its decision on the EU to US Data Privacy Framework. A few months later, the UK to US Data Bridge was approved as an extension to the Data Privacy Framework — providing a mechanism for businesses in the UK to transfer personal data to US businesses certified under the EU to US framework.
There are still concerns over this international transfer framework and further advice should always be sought for international transfers to ensure that the relevant protections are in place.
We also saw new data protection provisions like the Online Safety Act 2023 and other data protection initiatives being discussed, such as the regulation of AI — and there is no sign of this evolution slowing down.
The proposed new UK Data Protection and Digital Information Bill was debated in December 2023. Many believe that this is likely to start coming into UK law mid-2024 — so businesses need to prepare now.
How businesses should prepare
2023 saw an increase in public awareness around data protection, with individuals encouraged to take proactive steps to protect their privacy. This is likely to have played a role in the increased number of civil actions, claims and calls for class action lawsuits around data protection breaches.
To stay protected, businesses must implement robust data protection and cybersecurity measures, conduct regular audits and educate their people on correct data protection practices.
By prioritising privacy and staying informed about the evolving landscape of data protection, every business can contribute to a more secure and trustworthy digital world.
And while technological innovations can enhance security measures — such as encryption, biometrics and artificial intelligence — it’s important to be mindful of the potential risks and ethical considerations of failing to be compliant.
Need guidance? Talk to us
If you’re not sure where to start in terms of data protection, privacy and compliance, our experienced team can help.
With cost-effective and fixed-fee solutions, we can provide training and establish a compliant data privacy culture, implementing the principles of data protection and effective safeguarding.
Related insights
DUA: data protection complaints process explained & how to prepare
We delve into the key changes coming into force on 19 June 2026 and explain how businesses should prepare.
Procurement Act 2023 — what the first case means for automatic suspensions
We outline what's changed under the new test and consider what this may mean in practice for both contracting authorities and challengers.
Data centres under attack — what Iran’s strikes mean for UK businesses & how to respond
We explore the implications of the attacks for UK businesses and outline the practical measures that can help to mitigate similar disruption.
UK procurement reforms: tender strategies, Public Interest Test & social value objectives explained
We outline the key reforms and what contracting authorities and suppliers should be doing to prepare.
Athlete endorsement contracts explained: Nike signs 19-year-old pickleball world #1
We explore the legal considerations behind major athlete endorsement deals, from image rights to exclusivity and reputational protection.
Key takeaways from the Future of Retail: Risk & Resilience Conference 2026 — Martyn’s Law, AI & consumer trust
We brought the retail sector together in London for a focused look at the risks, from physical threats, digital disruption and reputational challenges.
UK’s stance on generative AI & copyright — what businesses need to know
We explore how new parliamentary findings and the Government’s updated position are shifting the UK’s direction on AI and copyright.
Emotional Perception — how UK AI patents are now being assessed
We explain how AI patent applications are now being assessed and what this means for innovation and patent strategies.
Deepfakes & AI fraud — what retailers need to know about the new digital battlefield
We explore why retailers are particularly affected by deepfakes and the implications around data protection, IP, advertising compliance and more.
Implementing AI at work — your legal obligations
We explore how AI is transforming data protection, the risks that organisations now face and what effective compliance looks like today.
Martyn’s Law — what retailers need to know & how to prepare
We explore the key challenges retailers face with Martyn’s Law, how to balance compliance with operations and the common misconceptions.
Key takeaways from the Future of Tech conference 2026 — AI, sustainability & responsible innovation
We break down the key insights from each panel, exploring AI's real-world impact and why it’s crucial to balance innovation with long‑term sustainability.
Major study highlights a critical concussion “tipping point” in women’s football
We explore the key findings from the study and outline what they mean for clubs, governing bodies and others responsible for player welfare.
7 crisis management steps every retailer should have in place to respond efficiently & protect your brand
We set out seven practical steps to help retailers to prepare, respond decisively and recover quickly when the unexpected happens.
AI in elite sport — key legal considerations around ‘performance enhancing technology’
AI is enhancing performance and even scouting future talent in elite sport. Sports technology and data are key to success, but come with legal risks.
The rise of sustainable tech — opportunities, challenges & the role of AI
We discuss the key opportunities and considerations shaping the future of sustainable AI and quantum‑powered technology.
Reddit’s £14.47m ICO fine — what UK businesses need to do as child protection enforcement ramps up
We break down what the ICO found and outline three key steps that UK businesses should take now.
Athlete expression & Rule 50 — how the IOC applied its guidelines at Milano Cortina 2026
We explore how athlete expression, public scrutiny and the IOC’s rulebook collided on one of the world’s biggest sporting stages.
The UK’s path to 2030 — clean energy in an era of tech acceleration & infrastructure reform
We explore how the UK’s shift to clean power is reshaping industry, infrastructure and the future of energy security.
Am I a data controller? GDPR for social media users explained
We look at the UK GDPR and the Data Protection Act 2018 and outline how the GDPR can apply to both organisations and individuals as data controllers.
The Digital Omnibus — proposed key changes to EU data protection obligations
We break down the key proposed reforms in the Digital Omnibus Package and outline what businesses should do to prepare.
3 potential ways generative AI could lead to defamation claims
We explain where generative AI has the potential to damage individuals’ reputations and examine relevant case law from other jurisdictions.
Deepfakes & AI-powered cybercrime in sport — how can athletes & clubs protect themselves?
We discuss the mounting dangers of AI-powered cybercrime across the world of sport with David Andrew — the Founder and Managing Partner of Tiaki.
Data Protection FAQs
Find answers to our most frequently asked questions about data protection and privacy from our lawyers.