Please note that this Bill has been updated since the publication of this article. For the latest information and guidance please read: Data Proection and Digital Information Bill.
The Data Protection and Digital Information Bill (Data Reform Bill) was introduced for discussion in Parliament and is currently awaiting its second reading. The Bill covers several data protection issues, ranging from the definition of personal data to international data transfers, data subject access requests, cookies and legitimate interest assessments.
In the Queen’s Speech earlier this year, it was announced that the Bill would strengthen Britain’s already robust data protection laws while reducing costly compliance burdens on businesses.
We shouldn’t forget that the current UK General Data Protection Regulation (UK GDPR) mirrors the EU GDPR, so some of the proposed changes in the Bill might be controversial. Continue reading to discover how the Data Reform Bill could impact your business.
How will the Data Reform Bill help businesses?
Reducing the compliance burden is at the heart of the Data Reform Bill.
The Government believes that the GDPR laws have encouraged organisations to respond to data protection and privacy rather than assess the specific risks created by their particular data processing activities.
The Bill will remove the need for some businesses to recruit a Data Protection Officer (DPO) and run Data Protection Impact Assessments (DPIA) if they can effectively manage data protection and privacy risks themselves.
Four factors to consider
1. Promoting responsible innovation
The Data Reform Bill will simplify the legal requirements around research so that scientists are not impeded from using data to conduct their research.
2. Reducing burdens on businesses and delivering better outcomes for people
The Data Reform Bill will focus on reducing the unnecessary burden on businesses.
3. Boosting trade and reducing barriers to data flows
It is creating an autonomous framework for international data transfers reflecting the UK’s data protection approach.
4. Delivering better public services
The UK to improve the delivery of government services through better use and free flow of personal data
Will the Information Commissioner's Office (ICO) be reformed?
Yes, it will be modernised, and its statutory codes and guidance will be more specific to each industry.
The regulator will have to establish a panel of experts in relevant fields when creating statutory guidance and get the Secretary of State's approval on codes and guidance before they are presented to Parliament.
“My office will focus our resources where we see data protection issues are disproportionately affecting already vulnerable or disadvantaged groups. The impact that we can have on people’s lives is the measure of our success. This is what modern data protection looks like, and it is what modern regulation looks like.”, says John Edward, UK information commissioner.
The ICO action plan, setting out the focus for the year ahead, includes details of work focused on empowering people, including:
- looking at the impact of predatory marketing calls
- looking at the use of algorithms within the benefits system
- considering the impact the use of AI in recruitment could be having on ethnic minorities, who weren’t part of the testing for this software
- ongoing support of children’s privacy
How will the transfer of data internationally be affected?
Empowering international trade is a major component of the Data Reform Bill.
Parliament wants to encourage adequacy deals with countries such as the United States, Singapore, and Australia to remove barriers to data-flows and allow data-driven businesses to thrive in the UK.
- How can we transfer data from the UK? You don’t need any new arrangements for transfers from the UK to the EEA. However, you should update your documentation and privacy notice to expressly cover these transfers. If you transfer personal data outside the EEA now, you should already have arrangements for making a restricted transfer under the UK GDPR.
- What about transfers from the EEA into the UK? Data can still flow freely from the EEA unless you are processing or holding data transferred for immigration control
Get legal assistance from LawBite
The UK government wants to eliminate excessive bureaucracy and reduce business compliance regarding data protection and privacy while maintaining its high data protection standards. This is positive news for businesses and we will continue to update you on any changes to the Bill as it progresses through Parliament.
LawBite has years of experience helping businesses achieve their commercial ambitions and resolve disputes quickly and cost-effectively.
To find out how we can help you with GDPR, data sharing and protection and privacy law matters, book a free 15 minute consultation or call us on 020 3808 8314.
Additional resources
- The difference between a data controller and a data processor
- GDPR and working from home
- What is data processing under GDPR?
- How to gain consent under the GDPR
- GDPR compliance for mobile apps
- UK GDPR compliance for charities
- Who needs a data representative in the EU for GDPR compliance?
- Handling personal data correctly