Alert
Alert
By Mark Booth
05.20.22
Businesses have invested significant time, money and effort into creating and administering comprehensive GDPR compliance frameworks. The announcement from the UK this past week may therefore leave some feeling nervous. However, the proposed Data Reform Bill can be seen as another helpful prompt for businesses to review and update their policies and procedures (particularly if a comprehensive review has not been undertaken since last year).
The UK Government hopes that the Data Reform Bill will reduce the burdens faced by businesses operating in the UK or targeting UK individuals, moving to an approach that is outcome-focused rather than “box-ticking,” thereby increasing the competitiveness and efficiency of UK businesses.
In particular, the Bill seeks to:
The Government has emphasized that the changes should not diminish the protection of personal data in the UK, for which it seeks to retain a “gold standard.” Any significant deviation from current practices would, however, alarm businesses that have had to put in significant effort to comply with GDPR and also risk the UK losing its “adequate” status, which currently allows for personal data to flow uninhibited between the UK and the EU.
More details will no doubt become clear as the results of the DCMS consultation and the text of the Data Reform Bill are published.
UK proposals to “reboot” data laws and the enforcer’s powers will cause both excitement and concern for businesses. A reduction of “red tape” will be welcomed, but any need for different policies, processes and compliance steps will pose a potential burden for international businesses, as would the loss of UK adequacy status.
The Data Reform Bill must still proceed through the UK legislative process. Businesses are advised to monitor the latest developments and consider now how this will impact their current business activities, data protection policies and procedures.