A survey conducted in April and May 2023 revealed that around ** percent of the companies that do business in the European Union (EU) and the United Kingdom (UK) found it challenging to adapt to new or changing requirements of the General Data Protection Regulation (GDPR) or Data Protection Act 2018 (DPA). A further ** percent of the survey respondents said it was challenging to increase the budget because of the changes in the data privacy laws.

A survey conducted in April and May 2023 revealed that around 35 percent of organizations in the United States and 40 percent of organizations in the United Kingdom pay higher costs for international data transfers due to data privacy regulations, but they also find it manageable. Furthermore, approximately 35 percent of respondents from both countries think the regulations encourage businesses by guaranteeing that the data will be safeguarded in other countries.

A survey conducted in April and May 2023 found that less than half of the surveyed organizations in the United States and the United Kingdom (UK) had completed selected actions to comply with state data privacy laws in the United States. Around ** percent of the respondents had made a comparison of the United States' state-level privacy law frameworks. A further ** percent said they were in the process of doing so. Furthermore, ** percent of the respondents said they had updated privacy policies, while almost ** percent were in the process of planning and conducting data assessments.

As of February 2025, the largest fine issued for violation of the General Data Protection Regulation (GDPR) in the United Kingdom (UK) was more than 22 million euros, received by British Airways in October 2020. Another fine received by Marriott International Inc. in the same month was the second-highest in the UK and amounted to over 20 million euros.

A survey of UK young adults between 18 and 34 years in October 2023 found that ethnic minorities tend to exercise their data protection rights. Around 33 percent of respondents representing ethnic minorities said they had refused to provide their biometric data, compared to 22 percent of white respondents. Similarly, young people of color were more likely to ask an organization to stop using their personal information.

This dataset is about books. It has 4 rows and is filtered where the book is Data protection : a practical guide to UK and EU law. It features 7 columns including author, publication date, language, and book publisher.

A survey conducted in April and May 2023 revealed that around a quarter of United States and United Kingdom organizations were highly concerned about data privacy law enforcement involving their company. A further 35 percent were worried about data breaches and other cybersecurity incidents. Dealing with high costs of privacy law compliance was a concern for approximately 20 percent of the respondents.

This is because it would breach the first data protection principle as: a) It is not fair to disclose these people’s personal details to the world and is likely to cause damage or distress to staff b) These details are not of sufficient interest to the public to warrant an intrusion into their privacy. Please click the below web link to see the exemption in full: https://www.legislation.gov.uk/ukpga/2000/36/section/40

The main project aims were to examine the human rights implications of rapidly developing technologies. As noted above, in an increasingly digitised world, technological developments and the collection, storage and use of 'big data' pose unprecedented challenges for the protection of human rights. The aim of the project was to examine the intersection of such technological developments and the ideals of human rights protection. The work focused on both positive and negative aspects of this relationship. As noted above, the core research aims were organised on these issues that cut across the threats and opportunities:1) How is the use of ICT and big data shaping the content and scope of rights? (2) How does the use of ICT and big data shape operational practices across state and non-state activities? What new theoretical questions and implications for human rights are generated? (3) What methodologies are needed to identify and document the misuse of modern technologies and the failure to comply with rights-based obligations? (4) How can the use of ICT and big data best support evidence-based approaches to human rights protection and advocacy? (5) What possibilities and limitations exist for regulating the collection, storage and use of ICT and big data by states and non-state actors? The deposited data largely focuses on interviews with law enforcement and security agency representatives about uses of digital technology. We found that an enthusiastic embrace of technnology often existed yet this was not always accompanied by the development of codes of practice, regulatory frameworks and operational guidence on how they should be used. In addition to a potential regulatory vacuum, such disconnects also placed additional burdens on law enforcement themselves as they sought to apply existing rules and regulations. This is something we have described in publications as 'surveillance arbitration'. We also include interviews with civil society actors and lawyers that interrogate these issues and associated digital rights campaigning matters in more detail.

Under the Freedom of Information Act 2000, I request the following information: The number of individuals of all ages who were prescribed contraceptives in the financial years 2019-2020, 2021-2020, 2020-2021, 2021-2022 and 2022-2023 in community settings (GP surgeries and pharmacies) broken down by contraceptive method. I would also like the proportion these represent of contraception users. For example, X proportion of those on contraception are using the Mirena coil. If possible, I would also appreciate if this were broken down by age of those prescriptions too. To clarify, I mean patients. I also mean both contraceptive drugs and appliances/devices Response A copy of the information is attached. Please read the following information to ensure correct understanding of the data. Fewer than five Please be aware that I have decided not to release the full details where the total number of individuals falls below five. This is because the individuals could be identified, when combined with other information that may be in the public domain or reasonably available. This information falls under the exemption in section 40 subsections 2 and 3 (a) of the Freedom of Information Act (FOIA). This is because it would breach the first data protection principle as: a - It is not fair to disclose individual’s personal details to the world and is likely to cause damage or distress. b - These details are not of sufficient interest to the public to warrant an intrusion into the privacy of the individual. Please click the weblink to see the exemption in full: www.legislation.gov.uk/ukpga/2000/36/section/40 NHS Business Services Authority (NHSBSA) - NHS Prescription Services process prescriptions for Pharmacy Contractors, Appliance Contractors, Dispensing Doctors, and Personal Administration with information then used to make payments to pharmacists and appliance contractors in England for prescriptions dispensed in primary care settings (other arrangements are in place for making payments to Dispensing Doctors and Personal Administration). This involves processing over one billion prescription items and payments totalling over £9 billion each year. The information gathered from this process is then used to provide information on costs and trends in prescribing in England and Wales to over 25,000 registered NHS and Department of Health and Social Care (DHSC) users. Data Source: ePACT2 - Data in ePACT2 is sourced from the NHSBSA Data Warehouse and is derived from products prescribed on prescriptions and dispensed in the Community. The data captured from prescription processing is used to calculate reimbursement and remuneration. It includes items prescribed in England, Wales, Scotland, Northern Ireland, Guernsey/Alderney, Jersey, and Isle of Man which have been dispensed in the community in England. English prescribing that has been dispensed in Wales, Scotland, Guernsey/Alderney, Jersey, and Isle of Man is also included. The data excludes: • Items not dispensed, disallowed and those returned to the contractor for further clarification. • Prescriptions prescribed and dispensed in prisons, hospitals, and private prescriptions. • Items prescribed but not presented for dispensing or not submitted to NHS Prescription Services by the dispenser. Dataset - The data is limited to presentations prescribed in BNF sections 0703 Contraceptives and BNF section 2104 Contraceptive Devices. Data is presented at BNF Sub Paragraph and BNF Presentation level. Time Period - Financial years 2019/20, 2020/21, 2021/22, 2022/23 and 2023/24 (April 2023 - January 2024). Data is currently available up to and including January 2024. Organisation Data - The data is for prescribing in England regardless of where dispensed in the community. British National Formulary (BNF) Sub Paragraph and Presentation Code – The BNF Code is a 15-digit code in which the first seven digits are allocated according to the categories in the BNF, and the last eight digits represent the medicinal product, form, strength and the link to the generic equivalent product. NHS Prescription Services has created pseudo BNF chapters, which are not published, for items not included in BNF chapters 1 to 15. Most of such items are dressings and appliances which NHS Prescription Services has classified into four pseudo BNF chapters (20 to 23). Patient Identification - Where patient identifiable figures have been reported they are based on the information captured during the prescription processing activities. Please note, patient details cannot be captured from every prescription form and based on the criteria used for this analysis, patient information (NHS number) was only available for 98.28% of prescription items. The unique patient count figures are based on a distinct count of NHS number as captured from the prescription image. Patient ages are based on the age as captured from the prescription image and relates to the patient's age at the time of prescribing/dispensing. Please note it is possible that a single patient may be included in the results for more than one age band where a patient has received prescribing at different ages during a financial year. The figures for the number of identifiable patients should not be combined and reported at any other level than provided as this may result in the double counting of patients. For example, a single patient could appear in the results for multiple presentations or both financial years. Patient Age - Shows the age of the patient, if recorded. Data Quality for patient age - NHSBSA stores information on the age of the recipient of each prescription as it was read by computer from images of paper prescriptions or as attached to messages sent through the electronic prescription system. The NHSBSA does not validate, verify or manually check the resulting information as part of the routine prescription processing. There are some data quality issues with the ages of patients prescribed the products. The NHSBSA holds prescription images for 18 months. A sample of the data was compared to the images of the paper prescription forms from which the data was generated where these images are still available. These checks revealed issues in the reliability of age data, in particular the quality of the stored age data was poor for patients recorded as aged two years and under. When considering the accuracy of age data, it is expected that a small number of prescriptions may be allocated against any given patient age incorrectly. Application of Disclosure Control to information services (prescriptions) products- ePACT 2 data is not published statistics - it is available to authorised NHS users who are subject to Caldicott Guardian approval. We have no plans to apply disclosure control to data released to ePACT 2 users. These users are under an obligation to protect the anonymity of any patients when reusing this data or releasing derived information publicly. All requests that fall under the FOI process are subject to the NHSBSA Anonymisation and Pseudonymisation Standard. The application of the techniques described in the standard is judged on a case-by-case basis (by NHSBSA Information Governance) in respect of what techniques should be applied. The ICO typically rules on a case-by-case basis too so each case or challenge or appeal is judged on its own merits. FOI rules apply to data that we hold as part of our normal course of business.

Whilst this some of the requested information is held by the NHSBSA, we have exempted some of the figures under section 40(2) subsections 2 and 3(a) of the FOIA because it is personal data of applicants to the VDPS. This is because it would breach the first data protection principle as: a - it is not fair to disclose individual’s personal details to the world and is likely to cause damage or distress. b - these details are not of sufficient interest to the public to warrant an intrusion into the privacy of the individual. https://www.legislation.gov.uk/ukpga/2000/36/section/40 Information Commissioner Office (ICO) Guidance is that information is personal data if it ‘relates to’ an ‘identifiable individual’ regulated by the UK General Data Protection Regulation (UK GDPR) or the Data Protection Act 2018. The information relates to personal data of the VDPS claimants and is special category data in the form of health information. As a result, the claimants could be identified, when combined with other information that may be in the public domain or reasonably available. Online communities exist for those adversely affected by vaccines they have received. This further increases the likelihood that those may be identified by disclosure of this information. Section 40(2) is an absolute, prejudice-based exemption and therefore is exempt if disclosure would contravene any of the data protection principles. To comply with the lawfulness, fairness, and transparency data protection principle, we either need the consent of the data subject(s) or there must be a legitimate interest in disclosure. In addition, the disclosure must be necessary to meet the legitimate interest and finally, the disclosure must not cause unwarranted harm. The NHSBSA has considered this and does not have the consent of the data subjects to release this information and believes that it would not be possible to obtain consent that meets the threshold in Article 7 of the UK GDPR. The NHSBSA acknowledges that you have a legitimate interest in disclosure of the information to provide the full picture of data held by the NHSBSA; however, we have concluded that disclosure of the requested information would cause unwarranted harm and therefore, section 40(2) is engaged. This is because there is a reasonable expectation that patient data processed by the NHSBSA remains confidential, especially special category data. There are no reasonable alternative measures that could meet the legitimate aim. As the information is highly confidential and sensitive, it outweighs the legitimate interest in the information. Section 41 FOIA This information is also exempt under section 41 of the FOIA (information provided in confidence). This is because the requested information was provided to the NHSBSA in confidence by a third party - another individual, company, public authority or any other type of legal entity. In this instance, details have been provided by the claimants. For Section 41 to be engaged, the following criteria must be fulfilled:

According to a survey of adults in the United Kingdom (UK) from January to February 2024, around seven in ten respondents asked an organization to stop sending them marketing communication through electronic means. Furthermore, over 30 percent refused to provide an organization with biometric data.

Snapshot img

Data Protection As A Service Market Size 2024-2028

The data protection as a service (DPaaS) market size is forecast to increase by USD 87.57 billion at a CAGR of 46.02% between 2023 and 2028.

The market is experiencing significant growth due to the rising adoption of this solution among various industries in the US. The exponential growth in the volume of data being generated and collected by enterprises necessitates strong data protection measures. Deployment modes like hosted services and hybrid cloud have made DPaaS more accessible and cost-effective for businesses. In-house security teams are increasingly turning to DPaaS to enhance their data security capabilities.
Disaster recovery is another key area where DPaaS is gaining traction, providing businesses with a reliable and efficient backup and recovery solution. Despite its benefits, the high cost of DPaaS remains a challenge for some enterprises. Overall, the DPaaS market is poised for continued growth as more organizations recognize the importance of securing their data in the digital age.

What will be the Data Protection As A Service Market Size During the Forecast Period?

Request Free Sample

The market refers to the provision of managed data security services through cloud-based solutions. These services enable organizations to safeguard their data from cyberattacks and data breaches, ensuring business continuity and compliance with data protection regulations. In the US, the adoption of DPaaS is on the rise as businesses seek to enhance their IT infrastructure's security and scalability. DPaaS offers several benefits to organizations, including scalability, management, and recovery options. Scalability allows businesses to easily expand their data protection capabilities as they grow, while management simplifies the process of securing data through centralized control. Recovery options ensure that data can be quickly restored in the event of a cyberattack or data loss. Cloud storage is a critical component of DPaaS, providing organizations with secure, offsite data storage. DPaaS providers offer advanced security features, such as encryption, access controls, and intrusion detection, to protect data in the cloud. Data breaches and cyberattacks pose significant risks to organizations, leading to financial losses, reputational damage, and legal consequences.
Moreover, DPaaS helps mitigate these risks by providing strong security measures and real-time threat detection and response. DPaaS can be deployed in various modes, including public, private, and hybrid clouds. The choice of deployment mode depends on the organization's size and specific security requirements. Small and medium-sized businesses may prefer public cloud solutions, while larger enterprises may opt for private or hybrid clouds for enhanced security and control. DPaaS is applicable to various industry verticals, including healthcare, finance, retail, and education. These industries handle sensitive data and are subject to stringent data protection regulations. DPaaS providers offer paid databases with threat intelligence and compliance information to help organizations stay informed and comply with regulatory requirements. Next-Generation Technologies: DPaaS solutions leverage next-generation technologies, such as artificial intelligence (AI) and machine learning (ML), to provide advanced threat detection and response capabilities.
Additionally, these technologies enable DPaaS providers to quickly identify and respond to emerging threats, ensuring that organizations' data remains secure. IT Infrastructure Industry: The IT infrastructure industry is a significant contributor to the growth of the DPaaS market. DPaaS solutions offer businesses a cost-effective and efficient way to enhance their data security capabilities without the need for extensive IT resources or expertise. DPaaS is an essential solution for businesses looking to enhance their data security and ensure business continuity in the face of cyberattacks and data breaches. With its scalability, management, and recovery options, DPaaS offers organizations the flexibility and control they need to protect their data in the cloud. As data security becomes increasingly critical, the adoption of DPaaS is expected to continue growing in the US and beyond.

How is this market segmented and which is the largest segment?

The market research report provides comprehensive data (region-wise segment analysis), with forecasts and estimates in 'USD billion' for the period 2024-2028, as well as historical data from 2018-2022 for the following segments.

Application

  STaaS
  BaaS
  DRaaS


Business Segment

  Large
  Small and medium


Geography

  North America

    US


  Europe

    Germany
    UK


  APAC

    China
    Japan


  South America



  Middle East and Africa

By Application Insights

The STaaS segment is est

Dataset on commits (and repositories) on GitHub making reference to data privacy legislation (covering laws: GDPR, CCPA, CPRA, UK DPA).

The dataset contains:
+ all_commits_info_merged-v2-SHA.csv : commits information as collected from various GitHub REST API calls (all data merged together).
+ repos_info_merged_USED-v2_with_loc.csv: repository information with some calculated data.
+ top-70-repos-commits-for-manual-check_commits-2coders.xlsx: results of the manual coding of the commits of the 70 most popular repositories in dataset.
+ user-rights-ω3.csv: different terms for user rights teriminology in legislation.
+ github_commits_analysis_replication.r: main analysis pipeline covering all RQs in the R programming language.

In order to perform also the initial data collection, the GitHub REST API can be used, collecting data using time intervals, for instance:
https://api.github.com/search/commits?q=%22GDPR%22+committer-date:2018-05-25..2018-05-30&sort=committer-date&order=asc&per_page=100&page=1

This dataset accompanies the following publication, so please cite it accordingly:

Georgia M. Kapitsaki, Maria Papoutsoglou, Evolution of repositories and privacy laws: commit activities in the GDPR and CCPA era, accepted for publication at Elsevier Journal of Systems & Software, 2025.

Snapshot img

Customer Data Platform Market Size 2024-2028

The customer data platform market size is forecast to increase by USD 19.02 billion at a CAGR of 32.12% between 2023 and 2028.

The customer data platform (CDP) market is experiencing significant growth due to several key trends. The increasing demand for personalized customer services in various industries, particularly e-commerce retail, is driving market growth. This trend is being fueled by the rising preference for omnichannel platforms that enable seamless customer interactions across multiple touchpoints. Additionally, the need to address customer data privacy concerns is another major factor contributing to the market's growth.
As businesses strive to provide more personalized experiences to their customers while ensuring data security, CDPs and workforce analytics are becoming an essential tool for managing and activating customer data in real time. This CDP market analysis report provides a comprehensive examination of these trends and other growth factors, offering valuable insights for businesses looking to leverage CDPs to enhance their customer engagement strategies.

What will be the Size of the Customer Data Platform Market During the Forecast Period?

Request Free Sample

The customer data platform (CDP) market is experiencing significant growth due to the increasing importance of customer intelligence for delivering omnichannel experiences. Businesses seek to understand their customers across multiple channels and touchpoints, requiring the ability to handle large volumes of complex data. CDP solutions enable data unification and identity resolution, ensuring accurate and consistent customer profiles. Data governance and privacy laws are driving the need for robust data protection and security measures, including data breach prevention and compliance with regulations such as GDPR and CCPA.
Additionally, AI and machine learning are being integrated into CDPs to enhance data analytics capabilities, providing valuable insights for industries like healthcare, telecom, travel and hospitality, and advertising.
The customer data platform market is evolving with AI-powered CDP solutions enhancing real-time data processing, customer data integration, and omnichannel marketing. Businesses focus on data privacy compliance and first-party data management to drive predictive analytics, customer segmentation, and personalized marketing. Cloud-based CDP adoption supports customer journey analytics, CDP for e-commerce, and cross-channel data activation. Data monetization strategies, identity resolution, and enterprise CDP solutions fuel CDP market growth, enabling data-driven customer insights and customer retention strategies.
Big data and real-time data processing are essential features, enabling businesses to make informed decisions and respond quickly to customer needs.

How is this Customer Data Platform Industry segmented and which is the largest segment?

The customer data platform industry research report provides comprehensive data (region-wise segment analysis), with forecasts and estimates in 'USD billion' for the period 2024-2028, as well as historical data from 2018-2022 for the following segments.

Deployment

  On-premises
  Cloud based


End-user

  Large enterprises
  Small and medium size enterprises


Geography

  North America

    US


  Europe

    Germany
    UK


  APAC

    China
    Japan


  South America



  Middle East and Africa

By Deployment Insights

The on-premises segment is estimated to witness significant growth during the forecast period.

The on-premises the market is experiencing substantial growth due to its ability to process and personalize customer data while maintaining data security within an organization's data centers or servers. On-premises CDPs offer customizable solutions tailored to specific business needs and unique data processing workflows, which may not be available in cloud-based alternatives. However, the need to upgrade hardware for data scalability is a consideration for on-premises CDPs. Key features of on-premises CDPs include data unification, identity resolution, data governance, data privacy, and data security. These platforms enable organizations to comply with data privacy laws, protect against data breaches, and address consumer concerns.

On-premises CDPs are particularly valuable for industries with large data volumes and complexities, such as advertising, healthcare services, telecom, media and entertainment, retail, and travel and hospitality. Integration with mobile devices, Short Message Service, and communication channels is essential for providing a seamless omnichannel experience. Machine learning and natural language processing technologies enhance data analysis and personalization capabilities. Cloud-based technology offers flexibility and cost savings, but on-premises CDP

BackgroundThe COVID-19 pandemic brought global disruption to health, society and economy, including to the conduct of clinical research. In the European Union (EU), the legal and ethical framework for research is complex and divergent. Many challenges exist in relation to the interplay of the various applicable rules, particularly with respect to compliance with the General Data Protection Regulation (GDPR). This study aimed to gain insights into the experience of key clinical research stakeholders [investigators, ethics committees (ECs), and data protection officers (DPOs)/legal experts working with clinical research sponsors] across the EU and the UK on the main challenges related to data protection in clinical research before and during the pandemic.Materials and methodsThe study consisted of an online survey and follow-up semi-structured interviews. Data collection occurred between April and December 2021. Survey data was analyzed descriptively, and the interviews underwent a framework analysis.Results and conclusionIn total, 191 respondents filled in the survey, of whom fourteen participated in the follow-up interviews. Out of the targeted 28 countries (EU and UK), 25 were represented in the survey. The majority of stakeholders were based in Western Europe. This study empirically elucidated numerous key legal and ethical issues related to GDPR compliance in the context of (cross-border) clinical research. It showed that the lack of legal harmonization remains the biggest challenge in the field, and that it is present not only at the level of the interplay of key EU legislative acts and national implementation of the GDPR, but also when it comes to interpretation at local, regional and institutional levels. Moreover, the role of ECs in data protection was further explored and possible ways forward for its normative delineation were discussed. According to the participants, the pandemic did not bring additional legal challenges. Although practical challenges (for instance, mainly related to the provision of information to patients) were high due to the globally enacted crisis measures, the key problematic issues on (cross-border) health research, interpretations of the legal texts and compliance strategies remained largely the same.

This report is one outcome of a study into privacy and human genetics initiated by John Gillott and staff and trustees of the Genetic Interest Group. \ud \ud The initial focus was on genetics and human rights, with an emphasis on legal aspects and policy decisions informed by law and rights ideology. Article 8 of the Human Rights Act 1998, the right to respect for private and family life,1 is of most relevance to this study, though other Articles are considered.\ud \ud The study as a whole comprises two broad strands of inquiry, reflecting those areas in which privacy rights are most relevant and have had the greatest impact: the effect of law and ideology on research and clinical practice, with a focus on genetics; and human reproduction, again with a particular focus on genetic aspects. These two areas present contrasting analytical challenges. While there is recent law indirectly or directly relevant to research and clinical practice (notably the Human Tissue Act 2004), there is little or no case law on the subject. In contrast, as regards reproduction and genetics, there have, over the past five years or so, been a number of court decisions, at all levels up to the House of Lords and the European Court of Human Rights. We therefore decided to publish the results of our study into the two areas separately, the better to highlight the key issues in each subject area. This report is on the first strand: the right to privacy in the context of medical research using tissue and data.

a - it is not fair to disclose individual’s personal details to the world and is likely to cause damage or distress. b - these details are not of sufficient interest to the public to warrant an intrusion into the privacy of the individual. Please click the below web link to see the exemption in full. www.legislation.gov.uk/ukpga/2000/36/section/40 Breach of confidentiality Please note that the identification of individuals is also a breach of the common law duty of confidence. An individual who has been identified could make a claim against the NHSBSA for the disclosure of the confidential information. The information requested is therefore being withheld as it falls under the exemption in section 41(1) ‘Information provided in confidence’ of the Freedom of Information Act. Please click the below web link to see the exemption in full.