0800 435 772

News and views

Home > News > GDPR and the Data Protection and Digital Information Bill

GDPR and the Data Protection and Digital Information Bill

Posted on 13 April 2023SharePrint

Since the General Data Protection Regulation was introduced, UK Training has led the way in keeping businesses informed about the development and application of data protection law in the UK.

Since leaving the EU, the UK Government has expressed the desire to reform the current regime, which it sees as overly burdensome, and has now introduced the new Data Protection and Digital Information (No.2) Bill into Parliament.

What are the aims of the Bill?

The measures contained in the Bill, introducing a more flexible and less burdensome regime, may well be welcomed by UK businesses and public sector organisations, but perhaps less so by the EU and other countries. If the proposals diverge too far from the EU’s data protection framework then the UK’s adequacy status could be at risk. This status is something the EU has already promised to review.

The EU’s concern is that a looser data protection regime may give the UK an unfair competitive advantage, contrary to the Trade and Cooperation Agreement. The Government hopes it will attract more inward investment and encourage technological innovation.

A further aim of the Bill is to ensure that data can be used to empower citizens and facilitate more effective delivery of public healthcare, security and government services. The UK’s approach to personal data with regard to security and policing is another area of concern for the EU.

The main aims of the Bill are to:

  • Relax the requirement for controllers to keep a Record of Data Processing, except where there is a high risk to data subjects.
  • Cut down the amount of paperwork that controllers and processors need to maintain to demonstrate compliance and thus lower admin costs.
  • Clarify the position where organisations can reject vexatious or excessive requests or charge a reasonable fee for complying with such requests.
  • Give organisations greater confidence about the circumstances in which they can process personal data without consent.
  • Increase participation in Smart Data Schemes, giving individuals and small businesses more control over their data. The Bill will also help to improve access, where appropriate, to personal data in health and social care contexts with regard to health-related treatments.
  • Require telephone and internet service providers to report unlawful direct marketing practices and establish a financial penalty for non-compliance.
  • Replace the ICO with a new Information Commission and enable the regulator to take stronger enforcement actions when data rules are breached.
  • Simplify the rules around the use of personal data for scientific research and technological development, enhancing the UK’s position as a science and technology superpower and increase confidence in the development of Artificial Intelligence.
  • Improve the regime for international data transfers in order to facilitate international trade, support innovation and enhance the work of law enforcement and national security agencies.

What are the timescales?

The Bill was initially introduced in July 2022 and then withdrawn after the new Prime Minister reorganised some Government departments in his first reshuffle. The revised Data Protection and Digital Information (No.2) Bill was introduced into parliament on 8 March 2023. It’s path to enactment is not entirely clear and, if enacted, would probably take a couple of years to fully implement.

John Edwards, the Information Commissioner, has said:

“I welcome the reintroduction of the Data Protection and Digital Information Bill and support its ambition to enable organisations to grow and innovate whilst maintaining high standards of data protection rights. Data protection law needs to give people confidence to share their information to use the products and services that power our economy and society. The Bill will ensure my office can continue to operate as a trusted, fair and independent regulator. We look forward to continuing to work constructively with the Government to monitor how these reforms are expressed in the Bill as it continues its journey through Parliament.”

Ensure that you keep yourself bang up to date with all the important developments in UK data protection law by attending our half-day course: The GDPR Update – see here for details.

Written by Paul Murphy
Connect with me on Linkedin here
Follow UK Training on Linkedin here 

UK Training