Will businesses save money with the UK’s answer to GDPR?
As the new Data Protection and Digital Information Bill – also known as the Data Reform Bill – begins its second reading in the House of Commons, technology secretary Michelle Donelan says it will become the UK’s version of the EU’s GDPR, and save the economy more than £4bn within a decade.
What is the Data Reform Bill?
In short, the Bill aims to reduce organisations’ data protection compliance costs.
The goal is to save the UK economy over £4.7bn over the next 10 years, while maintaining the importance of privacy and data protection, and upholding data protection standards.
How? By reducing compliance paperwork, removing restrictions and relaxing cookie protocols.
Reducing the workload
The Data Reform Bill will reduce the amount of paperwork currently needed to demonstrate business compliance with UK data protection legislation.
This includes removing the data protection impact assessment (although organisations will still be required to identify and manage risks); and eliminating the need to prepare a record of processing activities.
However, organisations will have to maintain a ‘personal data inventory’ that describes what and where personal data is held, why it has been collected and how sensitive it is.
Reducing paperwork, and subsequent legal costs, will enable organisations to reuse personal data for research purposes without being limited by current UK data protection legislation.
This will also allow organisations to focus on managing internal data protection practices without having to regularly demonstrate compliance.
Organisations carrying out “high risk” processing (for example, organisations processing large volumes of sensitive data about people’s health) will still need to maintain records of processing activities.
Removing restrictions to increase international trade
The Data Reform Bill ensures businesses can continue to use their existing international data transfer mechanisms before the Bill is approved to share personal data overseas.
Otherwise, the Bill introduces a new data protection test to be conducted prior to international transfers.
Fewer website cookie pop-ups
UK data protection legislation requires organisations to obtain and maintain ‘valid consent’.
However, where cookies collect information for statistical purposes like making improvements to the website and services, it won’t be necessary to ask for consent as long as the cookie policy provided is clear and comprehensive.
Personal data collected using cookies must not be shared with other organisations, except to assist that organisation with making improvements to its website or service.
Additional changes
There are some additional changes. The Data Reform Bill will also:
- Provide guidance on the use of AI technologies and the safeguards to be applied
- Establish a framework for the use of digital verification services
- Create a statutory board with a chair and chief executive for the Information Commissioner’s Office (“ICO”)
- Make provision for commercial organisations to benefit from the same freedoms as academies to conduct scientific research.
How will the Data Protection and Digital Information Bill affect your business?
More information about how your organisation can reduce its administrative costs and time is available via the government’s website .
For more information on how the Data Reform Bill may affect your organisation’s specific data protection practices, or for support with general advice or reviewing records of processing activities and cookie policies from our data protection team, get in touch with Rhiannon Hastings directly using rhiannon.hastings@muckle-llp.com or 0191 211 7891.
You can also visit the Muckle website at www.muckle-llp.com.
© Cumbria Chamber of Commerce