- AUTHOR: The folks at Scrut
New framework added: UK GDPR
What's new?
Scrut now supports the UK GDPR framework as part of our expanding library of over 60 compliance frameworks.
The UK GDPR establishes stringent rules for organizations that process personal data of individuals residing in the UK. It ensures the protection of individual privacy rights by setting out key principles for data processing, such as lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability. It grants individuals significant rights over their personal data and places obligations on organizations regarding data handling, security, and breach notifications.
Why it matters
The latest version of the UK GDPR is crucial for any organization that processes personal data within or for individuals in the UK. Key updates include:
- Automated Decision-Making (ADM): A more permissive framework for ADM is introduced, allowing decisions based solely on automated processing in broader circumstances, accompanied by clear safeguards for individuals (e.g., information provision, right to challenge, human intervention).
- Subject Access Requests (SARs): Clarified time limits for responding to SARs, including a "stop the clock" rule when organizations require more information from requesters, and guidance on "reasonable and proportionate" searches.
- Children's Data Protection: New rules for online services likely to be accessed by children, emphasizing the need to consider how to protect and support them in design.
- Scientific Research: Clarification that scientific research can include commercial research, allowing for broader consent for related research areas and outlining required safeguards.
- Recognized Legitimate Interests: Introduction of new lawful grounds for processing personal data in specific use cases, such as crime prevention, safeguarding, and emergency response.
- International Data Transfers: Simplified rules and necessary clarifications for transferring personal data internationally.
- Complaints Handling: Requirements for organizations to handle individual complaints before they are reported to the Information Commissioner, including providing electronic complaint forms and acknowledging complaints within 30 days.
How it works
The latest UK GDPR is now available in the Frameworks module, where you can:
- Navigate and track compliance with the refined UK GDPR requirements.
- Leverage controls pre-mapped to internal policies, evidence, and configurations, reducing the manual effort of adapting to the new provisions.
- Use cross-framework mappings with ISO 27001, NIST, EU GDPR, and other relevant standards to optimize compliance efforts across your entire GRC program.
- Assign control owners, monitor implementation status, and download readiness reports to prepare for internal reviews or regulatory assessments related to the updated UK GDPR.
Whether you're enhancing your existing data protection practices or navigating the new requirements introduced by the Data (Use and Access) Act (DUAA), Scrut helps you achieve and maintain UK GDPR compliance more efficiently.
Need help?
Your Customer Success Manager (CSM) is always ready to help if you need assistance.