Data protection in higher education: what to expect in 2024

As we step into the intricate landscape of UK data protection in 2024, there will be both opportunities and challenges for the higher education sector. With a growing reliance on technology and an increasing volume of personal data being generated, this remains an exciting and important area. 

This is particularly the case when it comes to new technologies and the interplay between regulatory development, the increasing popularity of AI and evolving expectations of individuals. It is marked by heightened concerns about privacy and cybersecurity. 

Regulatory developments

It’s expected that the Data Protection and Digital Information Bill (the Bill) will become law in 2024. It aims to streamline the efficiency of data processing for public authorities through the cutting of administration and red tape. 

The Bill is estimated to “unlock” £2.5billion for the public sector over the course of 10 years. Although the Bill proposes some significant changes, it is not a radical departure from existing obligations. It will provide universities with greater flexibility over the use of personal data and reduce the burden of complying with UK data protection laws.

The Information Commissioner's Office (ICO) continues to consult on various data protection issues and publishes specific guidance to assist organisations comply with their duties. In 2024, we can expect guidance on the development and use of generative Artificial Intelligence (AI) models, the use of biometric data, processing of employment records and the journalism code of practice.

International data transfers are a trend that’s likely to continue into 2024 as we expect the UK to agree more ‘data bridges’ with other countries.

Cybersecurity 

Cybersecurity threats continue to evolve with reports of QR code phishing and ransomware attacks hitting the news. Higher education providers should continue to prioritise cybersecurity and establish frameworks emphasising preparedness with early detection and rapid response being key to managing the growing threat.

The growth of Artificial Intelligence

AI has delivered exponential growth in terms of both popularity and capabilities. With this trend set to continue, we will see regulators grappling with the complexities of AI systems with a demand for governance and balancing the competing demands of promoting innovation and safeguarding the data that feeds the systems.

The Bill does not deal specifically with AI and, whilst further regulatory reform is expected in this area (as has occurred elsewhere – see the EU AI Act as an example), it is unlikely to occur within the next 12 months.

Higher education providers should not be afraid of embracing AI and other new technologies but should do so in a manner that considers data protection at an early stage of development and implementation.

Individuals’ expectations

It is likely that we will see a continuation in the volume of Subject Access Requests (SARs) as individuals increasingly become aware of their rights. This trend highlights the importance of having robust data management processes in place to process such requests effectively.

How we can help

It’s clear that the regulatory landscape for data protection in the UK is set for significant developments in 2024.

With our comprehensive suite of services, we can help you strengthen your data protection practices by providing timely insights, expert guidance, bespoke training and tailored solutions to help you navigate the evolving landscape of data protection. This includes:

1. Organisational training.
2. Support for complex or large-scale SARs.
3. Project Management Support to address any backlogs.
4. A helpline to offer regular support in relation to quick queries throughout the year.
5. Drafting data sharing and data processing contractual agreements.
6. Using data protection impact assessments for new technologies, and international data transfer agreements when sending personal data outside the UK.
7. Support with cyber attacks and other data breaches, including dealing with reporting obligations.
8. Handing complaints and legal claims.