The UK Government has introduced a Data (Use and Access) Bill (https://bills.parliament.uk/bills/3825) which includes some updates to UK GDPR.

Whilst some media are touting this as a reform of UK GDPR (like the previous Tory Data Protection & Digital Information Bill), it only touches a few aspects of UK data protection. The underlying intention of the Bill is to make sharing data easier for certain organisations (e.g. the police, NHS) with the aim of “kickstarting economic growth” (with an expectation of generating £10bn towards the economy) and “building an NHS fit for the future”.

Aside from these key aims, the Bill does include some updates to UK data protection which could impact most UK businesses. So, if the Bill succeeds through Parliament and is passed (at the time of writing it is at the House of Commons Committee report stage), this is how the Bill could impact you:

Subject access requests

    • The ability for organisations to “stop the clock” on subject access requests if more information is needed or the identity of the requester needs verifying. This will adjust the time in which the request has to be dealt with
    • The Bill also sets out that requests need to be “reasonable and proportionate”

Right to portability

    • The direct sharing of data between certain authorised organisations or regulated third parties (e.g. banks, energy providers, telecoms, mortgages, insurance, etc.)

Right to be informed

    • The removal of the need to provide privacy information if it “is impossible or would involve disproportionate effort” (although it will need to be clear how this is defined otherwise it could be seen as weakening the right to be informed)

Legitimate interest as a lawful basis

    • The introduction of “recognized legitimate interests” meaning Legitimate Interest Assessments (LIA) won’t be needed for certain legitimate interest processing
    • Clarity regarding the use of legitimate interest for marketing purposes

Automated decision making

    • Changes to the restrictions on relying on automated decision making processes (e.g. when using AI) which have a legal impact on the individual. The condition in UK GDPR may be reduced to only apply to processing of special category data

Complaint handling

    • Introduction of measures regarding data protection complaint handling. Businesses could be required to provide a complaints process, respond to complaints within 30 days and notify the ICO of the number of complaints received

Changes to the ICO

    • The ICO to become the Information Commission which operates along the same lines as the FCA and Competition and Markets Authority, with more government influence

Changes to the Privacy and Electronic Communications Regulations (PECR)

    • Increasing PECR fines to be in line with GDPR fines (currently PECR fines are capped at £500k)
    • Allowing the use of analytics and some authorized cookies without consent
    • Changing the definition of unsolicited “spam” emails to include messages even if they were not received by someone (thus expanding the volume to be considered by enforcement of the PECR rules)

More information about the Bill and its passage through Parliament can be found here: https://bills.parliament.uk/bills/3825.
