On the 10th of September 2021, the Department for Digital, Culture, Media and Sport published a consultation paper, proposing reforms to data protection law in the UK, titled ‘Data: a new direction‘.
The proposals largely echo the government’s Brexit promises which aim to boost trade, encourage innovation, deliver better public services and to deregulate administrative burdens for organisations.
In this blog post we address the changes that may impact your organisation.
Will this make life easier for your organisation?
The government is aiming to reduce the administrative strain for businesses by replacing regulation with a flexible, ‘privacy risk programme’ which places the onus on organisations to manage and use data responsibly. The programme would include the removal of requirements for data protection officers, data impact assessments and the need to consult the Information Commissioner’s Office (ICO) prior to high-risk processing. There is also a suggestion that data controllers will be able to charge administrative fees for responding to data subject access requests.
Reducing obstacles to innovation?
Data is an ever-important and developing aspect of the UK’s economy. The proposed reforms are centred on affecting the ease, costs and risks of developing new technologies and services. The government believe that elements of the current legislation may be creating burdens or obstructing useful research.
The reforms seek to provide greater clarity in areas of innovative interest such as artificial intelligence, consolidating research practices, re-use of data, data minimisation and anonymisation. Furthermore, the government will include a duty on the ICO to have regard for economic growth and innovation when it is performing its functions.
Following the past six months of bridging rights, the EU decided in June that the UK’s data protection laws were adequate. The EU’s adequacy decision allows the free transfer of personal data between the EU and the UK, which is pivotal for a large portion of UK businesses. An area of concern is that the government’s watering down of regulation and removal of “red tape” will jeopardise the adequacy of UK data protection law, which the EU Commission will be monitoring in light of these changes.
The adoption of these proposals is yet to happen, and it will be interesting to see the extent to which they are adopted. Fundamentally, the success of the government’s proposals will hinge on whether they are able to strike an effective balance between reducing obstacles and ensuring that the seamless data flows between the UK and the EU are protected.