19 September 2024

UK Data Protection Reforms: Not more ‘GDPR’!?

news
regulatory updates

Introduction of a new Digital Information and Smart Data Bill



It seems that only a few weeks ago businesses were getting excited about the introduction of the Data Protection and Digital Information Bill (the one that didn’t make the cut before we welcomed our new government).  Now we are talking about the introduction of a new Digital Information and Smart Bill.

Aren’t these the same thing?!   

Sadly, no.  This new Smart Data Bill is standalone, introduced by the new Labour government to make changes to the way we deal with data but for the digital age.  

As the labour government didn’t appear to object to any of the original plans under the old Bill, it was initially expected that much of this would be re-introduced, though this is not what it looks like at first glance.  The key changes are set out below:

  • The creation of a legal framework for ‘smart data’ bringing digital verification services within a statutory footing for the first time. 
  • The ICO will be given new and stronger powers and, we’re told, go through a modernisation process (whatever that means).  
  • There will also be some ‘targeted reforms’ to come, especially where some of the existing data laws lack in clarity (I think we can all agree that this would help!)

Sadly, though, for small and medium sized businesses alike, the Smart Data Bill will not introduce the wide scale reforms to the existing data protection regime they’d expected.  It is yet to be seen whether the Smart Data Bill will still seek to address some of the existing problems that small business and SMEs experience.  

Separately, privacy groups are raising concerns that any changes will result in regulatory standards being lowered, specifically for the data subjects, so we will be watching this carefully.  

For now, though, we will stay aligned with the EU law and will continue to watch this space for more to come.  We especially need to monitor the ‘targeted reforms’ carefully as any changes are likely to have an impact on individuals and businesses alike.  This Bill could be enacted fairly quickly and when it does, we’ll have to figure out how current data practices can be adapted to the new data regime.

More to come… 

useful facts: things you could still be doing to stay compliant

  1. Privacy Policies: Make sure your privacy policies are up to date and clearly explain how you handle personal data.
  2. Train Your Team: Make sure everyone understands data protection rules and their responsibilities.
  3. Security Measures: Use encryption, secure access controls, and regular audits to protect personal data.
  4. Maintain Records: Keep records of data processing activities within your business and make sure these stay up to date.  Don’t lose all the good work you’ve put in!.