A new version of the Data Protection Bill No.2 was presented by the UK Government a few weeks ago, here is an overview of what you need to know.
The Bill is intended to simplify and update the existing data protection regime in the UK. The intended aim is to maintain a high standard of data protection whilst reducing the administrative burden on businesses in achieving compliance.
Here are the main points to take away:
- Businesses will no longer be required to keep records of processing (unless the business is involved in higher-risk processing).
- Data protection impact assessments are to be replaced with a simplified assessment of high-risk processing approaches.
- Data Protection Officers will cease to be a legal requirement for businesses carrying out high risk processing, and can be replaced with senior managers overseeing the high-risk processing activities.
- Cookie consents will be simplified in an attempt to reduce “consent fatigue” with more emphasis on the user’s browser settings, moving to a more opt-out rather than opt-in approach, and reducing the number of cookie activities that require consent.
- Fines for breach of the Privacy and Electronic Communications Regulations will also be updated to impose maximum values to match those for breach of GDPR (i.e., the higher of £17.5 million or 4% of the company’s global annual turnover).
- Less restrictive approach to processing for scientific research purposes.
Are you prepared for the changes presented by the new bill? Contact our Commercial Team who can provide dedicated data protection advice and help you to navigate the risks.