What will the UK GDPR reforms mean to you?

The UK government is consulting on proposals to adjust the data protection regime (PDF). After Brexit, the government is keen to flex its muscles to capitalise on the UK’s “independent status and repatriated powers”.

How will this affect you?

If the proposals are adopted, there will be the following changes:

It will be easier or clearer to use personal data in the following circumstances such as:
- “reuse” of data for purposes other than for which data was collected
- greater ability to share data
- clarity over what amounts to anonymisation and how to use for AI, decisions based on “automated processing”, public health, policing, national security and research
You may be able to implement a “privacy management programme” and might no longer have to comply with the following obligations:
- to notify the data subject where you collected their data directly from them
- to appoint a Data Protection Officer
- to undertake a Data Protection Impact Assessment
- to consult with the ICO before undertaking certain high risk processing
- to keep records
It will be easier to process data for a “legitimate interest” rather than relying upon consent because you are unsure where it is legitimate
It will be clearer when you don’t have to report data breaches to reduce overreporting
You may be able to charge for data subject access requests again
Use analytics cookies without obtaining consent (as happens in France) and some other technical uses
Fines for nuisance calls could jump from £500k to £17.5m or 4% of global turnover with the alignment of PECR enforcement with GDPR
International data transfers could become easier by:
- the UK government adopting its own adequacy decisions including groups of countries, regions and multilateral frameworks
- use of “alternative transfer mechanisms”
- exempting “reverse transfers” of data from the UK back to the country from which it was originally transferred
There are also proposals to reform the Information Commissioner’s Office to include a new duty to have regard to economic growth, innovation and competition and to develop and publish KPIs

What next?

While some of the proposals appear to be business-friendly, the UK will be keen to ensure it does not undermine compliance with core GDPR protections. Any step in this direction could lead to the invalidation of the adequacy decision under which data can flow freely between the EU and UK. We can expect close scrutiny of the proposals by the European Data Protection Board before the consultation closes on 19 November 2021.

If you need advice, contact me f.jennings@teacherstern.com or +44 (0) 20 7611 2338.

2 comments

IDTA: Because Brexit – The Cloud Lawyer says:

2 February 2022 at 10:18

[…] IDTA has been drafted to allow for updates to UK data protection laws. The UK government consulted on proposed reforms last year and is expected to publish its intentions soon. We await to see whether these reforms will affect […]

LikeLike

Data reform not adequate? – The Cloud Lawyer says:

19 May 2022 at 12:57

[…] I’ll spare you any more of this vapid nonsense. It’s all in the background briefing notes if you have the stomach for it (PDF). In truth, presumably they’ll base the reform on the results of the consultation they undertook recently. […]

LikeLike

What's your view? Leave a comment Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.