DP (Data Protection Act) / SAR (Subject Access Request) - Out of time

Activity tracking records for the Office of Privacy and Data Protection

DP (Data Protection Act) / SAR (Subject Access Request) - % In time

DP (Data Protection Act) / SAR (Subject Access Request) - In time

A survey conducted in April and May 2023 found that less than half of the surveyed organizations in the United States and the United Kingdom (UK) had completed selected actions to comply with state data privacy laws in the United States. Around ** percent of the respondents had made a comparison of the United States' state-level privacy law frameworks. A further ** percent said they were in the process of doing so. Furthermore, ** percent of the respondents said they had updated privacy policies, while almost ** percent were in the process of planning and conducting data assessments.

The European Union implemented data privacy laws in mid-2018 and the state of California enacted a similar law several weeks later. These regulations affect medical data collection and analysis. It is unclear if they achieve this goal in the realm of clinical trials. Here we investigate the effect of these laws on clinical trials through analysis of clinical trials recorded on the US's ClinicalTrials.gov, the World Health Organization's International Clinical Trials Registry Platform and scientific papers describing clinical trials. Our findings show that the number of phase 1 and 2 trials in countries not adhering to these data privacy laws rose significantly after implementation of these laws. The largest rise occurred in countries which are less free, as indicated by the negative correlation (−0.48, p = 0.008) between the civil liberties freedom score of countries and the increase in the number of trials. This trend was not observed in countries adhering to data privacy laws nor in the paper publication record. The rise was larger (and statistically significant) among industry funded trials and interventional trials. Thus, the implementation of data privacy laws is associated a change in the location of clinical trials, which are currently executed more often in countries where people have fewer protections for their data.

As of the end of 2024, multiple laws protecting children's online privacy were active. Some of these rules have come a long way. Being introduced in the 1980s, 1990s, Australia's Privacy Act and Children's Online Privacy Protection Act (COPPA), need modifications to respond to the recent technology developments. The European Union's General Data Protection Regulation (GDPR) and Digital Services Act (DSA) highlight the protection of children's online rights.

Data Protection Market size was valued at USD 139.3 Billion in 2024 and is projected to reach USD 463.66 Billion by 2032, growing at a CAGR of 16.22% from 2026 to 2032.Stringent Regulatory Compliance and Data Sovereignty Mandates: The single most powerful accelerator of the data protection market is the global shift toward comprehensive data privacy legislation. Regulations like the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) in the U.S., and Brazil's Lei Geral de Proteção de Dados (LGPD) have set a globally significant precedent for compliance, compelling widespread organizational investment. The threat of non compliance which includes globally calculated fines, public reputational damage, and legal action forces companies to implement robust Data Loss Prevention (DLP), consent management, and data mapping tools.

SAR Database contains details of staff & ex-staff Data Protection Act (DPA) SARs received by BIS (including predecessor departments BERR and DTI, and relevant Executive Agencies), and DECC.

As of January 2025, The European Union (EU) had three fully operating and one upcoming law regarding online privacy and the usage of digital technologies. The first one, the General Data Protection Regulation (GDPR), was enacted in May 2018. The second law became effective on February 17, 2024, and is called the Digital Services Act (DSA). In March 2024, another law protecting consumer privacy, the Digital Markets Act, was enacted. The latest regulation adopted by the European Union (EU) is called the Cyber Resilience Act (CRA), which became active in December 2024.

A survey conducted in April and May 2023 revealed that around 55 percent of the companies that do business in the European Union (EU) and the United Kingdom (UK) found it challenging to adapt to new or changing requirements of the General Data Protection Regulation (GDPR) or Data Protection Act 2018 (DPA). A further 45 percent of the survey respondents said it was challenging to increase the budget because of the changes in the data privacy laws.

A survey conducted from April to May 2022 found that *** in ** organizations in the United States designated an internal project manager or owner to manage compliance with state-level privacy laws. Around half of the organizations conducted data mapping and had an understanding of data practices across the organization. A further ** percent said they updated privacy policies, while ** percent said they were in the process of doing so.

DP (Data Protection Act) / SAR (Subject Access Request) - Total Received - (YTD)

As of January 2025, the United States had several federal laws dedicated to data privacy of its citizens. Each of them, though, covers one or a few specific areas of data privacy. The Privacy Act of 1974 controls the data collection and use by federal agencies and was enacted in September 1975. The law regulating data privacy in the healthcare industry, the Health Insurance Portability and Accountability Act (HIPAA), was enacted on August 21, 1996. The U.S. federal law protecting the data privacy of individuals under 13 has been active since 1998. The Gramm-Leach-Bliley Act (GLBA), effective since November 1999, protects individuals' financial information privacy. Additionally, several states have developed and implemented online data privacy laws.

A Data Protection Impact Assessment (DPIA) is one of the ways to find out what privacy risks people face when information is collected, used, stored, or shared about them. This helps the London Borough of Barnet find issues so that risks can be taken away or lowered to a level that is acceptable. It also cuts down on privacy breaches and complaints that could hurt the Council's reputation or lead to action by the Information Commissioner (the government watchdog). The London Borough of Barnet makes DPIAs public in with its Data Charter and the 2018 Data Protection Act and UK GDPR.

Between August 2023 and August 2024, the Federal Trade Commission (FTC) of the United States took law enforcement actions against 20 companies for data privacy and security violations. The latest updated case was with Verkada. The charges were filed by the FTC for failing to secure Videos, Other Personal Data and Violated CAN-SPAM Act.

🇬🇧 영국

DP (Data Protection Act) / SAR (Subject Access Request) - % Myöhästynyt aika

The Privacy Act Compilation contains descriptions of Federal agency systems of records maintained on individuals and procedures Federal agencies follow to assist individuals who request information about their records. It contains individual Privacy Act system descriptions and their governing regulations.