ao link
Business Reporter
Business Reporter
Business Reporter
News
Technology
AI & Automation
Communication
Digital Transformation
Industrial Innovations
IoT
Mobile
Smart Cities
Cyber Security Site
Management
Global Agenda Series
Best of Business
Energy
Future of Work
Healthcare
Human Resources
Future of Enterprise
Retail
Customer Experience
Risk Management
Supply Chain
Finance
FS, Banking & FinTech
CFO
Fraud Prevention
Insurance
Payments
Sustainability
ESG
UN SDGs
Sustainability Talks
Responsible Business
Resources
Print Reports
White Papers
Business Learning
Events
Talk Shows
Supply Chain
Upcoming Episodes
On-Demand
Hosts
Speakers
Sponsors
Digital Transformation
Upcoming Episodes
On-Demand
Hosts
Speakers
MarTech
On-Demand
Hosts
Speakers
FinTech
Upcoming
On-Demand
Host
Speakers
HRTalk
Upcoming Episodes
On-Demand
teiss (Cyber Security)
Upcoming Episodes
On-Demand
Hosts
Speakers
Sponsors
Jobs
Search Business Report
My Account
Remember Login
Register|Reset Password
My Account
Remember Login
Register|Reset Password
News
Technology
AI & Automation
Communication
Digital Transformation
Industrial Innovations
IoT
Mobile
Smart Cities
Cyber Security Site
Management
Global Agenda Series
Best of Business
Energy
Future of Work
Healthcare
Human Resources
Future of Enterprise
Retail
Customer Experience
Risk Management
Supply Chain
Finance
FS, Banking & FinTech
CFO
Fraud Prevention
Insurance
Payments
Sustainability
ESG
UN SDGs
Sustainability Talks
Responsible Business
Resources
Print Reports
White Papers
Business Learning
Events
Talk Shows
Supply Chain
Upcoming Episodes
On-Demand
Hosts
Speakers
Sponsors
Digital Transformation
Upcoming Episodes
On-Demand
Hosts
Speakers
MarTech
On-Demand
Hosts
Speakers
FinTech
Upcoming
On-Demand
Host
Speakers
HRTalk
Upcoming Episodes
On-Demand
teiss (Cyber Security)
Upcoming Episodes
On-Demand
Hosts
Speakers
Sponsors
Jobs

The new UK GDPR: ambitious reform or cosmetic change?

Digital Economy05 May 2023

Oliver Yaros and Ondrej Hajda at law firm Mayer Brown provide a view on the UK government’s proposal to reform the UK GDPR

 

The Government’s proposal to update the UK data protection framework through the introduction of the Data Protection and Digital Information Bill (No. 2) has been championed as a key part of the Government’s post-Brexit strategy to move away from burdensome EU laws and create a more competitive, pro-innovation environment in the UK.

 

However, if the UK position moves too far away from the EU standard, it risks losing its data protection "adequacy" status which allows organisations move data seamlessly between the EU and the UK.

 

Therefore, rather than bring about a wholesale reform of the UK data protection regime, the Bill introduces a set of clarifications to give businesses and other organisations more certainty in specific situations. For example, organisations that use personal data for research or journalism will now have more clarity on how they can use personal data lawfully for these purposes.

 

The Bill also aims to reduce the administrative burden on organisations relating to:

  • record keeping (which would now apply only to organisations conducting high risk processing),
  • the requirement to appoint a data protection officer (which would be replaced by a requirement to appoint a "senior responsible individual" for businesses carrying out high risk processing), and
  • the requirement to appoint a representative in the UK for international businesses (which would be removed altogether).

Some of the biggest changes in the Bill relate to automated decision-making. In particular, the Bill seeks to make it easier for business to use automated decision-making without meaningful human involvement in low-risk scenarios (such as personalising user’s experience), while providing safeguards for situations where the automated decision could have a significant effect on the individual (such as whether they proceed to a next stage in a recruitment process).

 

However, possibly the most significant development for businesses and individuals alike introduced by the Bill is increasing the maximum level of fines for nuisance calls and messages from £500,000 to £17.5 million or 4% of the global annual turnover (whichever is higher). The Information Commissioner’s Office (ICO) which enforces data protection legislation in the UK has previously not shied away from fining businesses that make nuisance calls and send nuisance messages and emails.

 

It is therefore likely that the ICO’s beefed up powers might focus the attention of marketing teams on ensuring compliance with the UK direct marketing rules.

 

Many individuals might also welcome the proposed changes to cut down on the number cookie banners online. This change might benefit not only individuals fed up with the constant pop-ups seeking their consent, but also businesses that are already familiar with configuring their cookie banners for users in different countries to comply with local requirements.

 

The Bill has received a generally positive feedback from the industry because the Government has sought to reassure businesses which invested resources to comply with the current data protection regime (such as to comply with increasingly complex rules on cross-border data transfers) that they will not need to duplicate their efforts by having to overhaul their compliance programmes to comply with the changes introduced by the Bill.

 

However, the proposals in the Bill will primarily benefit smaller, UK focussed businesses, who will welcome the additional clarity about the circumstances in which personal data can be processed and the proposed reduction in the onerous record keeping requirements (and the associated compliance costs) that existed under the old EU GDPR.

 

For most larger, particularly international businesses that aim to run their global data privacy compliance programs in a joined up, standardised way, this latest development is unlikely to bring many benefits and represents yet another change that they will need to address in the constantly evolving international data privacy landscape.

 

Finally, the Bill also paves the way for the Government to recognise more countries as offering an "adequate" level of data protection and therefore making it easier for businesses to transfer personal data to such countries. The Government has showed its eagerness to incorporate discussion about data adequacy into its post-Brexit trade deal negotiations.

 

However, the biggest challenge on the data protection front remains to be solved – how to make it easier to send personal data from the UK to international jurisdictions such as the USA, India, China and other places without prejudicing the UK’s ability to conduct data transfers with the EU.

 

 

Oliver Yaros is a Partner, and Ondrej Hajda is an Associate, in the IP & IT Group at international law firm Mayer Brown

 

Main image courtesy of iStockPhoto

Digital EconomyImproving Business PerformanceRisk Management

Most Viewed

Business Reporter

23-29 Hendon Lane, London, N3 1RT

23-29 Hendon Lane, London, N3 1RT

020 8349 4363

Cookie Policy
Terms of Business
17 Global Goals
Campaign Schedule
Lead Generation Media Kit
Sustainability Report
Contact Us
Privacy Policy
Terms and Conditions
Breakfast Briefing Media Kit
Media Kit
BR Studio
Content Guide
Traffic Drivers
Case Study

© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543

We use cookies so we can provide you with the best online experience. By continuing to browse this site you are agreeing to our use of cookies. Click on the banner to find out more.
Cookie Settings

Join the Business Reporter community today and get access to all our newsletters, and our full library of talk show episodes

Join the Business Reporter community today and get access to all our newsletters, and our full library of talk show episodes

Join free today
Join Business Reporter