DATA PROTECTION AND DIGITAL INFORMATION BILL

14th September 2022

A half-day webinar to discuss the impact and implications of the Data Protection and Digital Information Bill for organisations that process personal data.

After a year of consultations, the UK government finally laid its data protection reform bill before parliament. Now that the bill is here, we would like to share our thoughts, and have open discussions, about what significant impacts there might be for organisations that process personal data. We aim to cover the following areas:

Principles And Lawful Ground of Processing

The bill makes very significant changes to how organisations can process personal data on the basis of ‘legitimate interests’, and also to how personal data can be leveraged for new purposes. Both changes provide new opportunities for organisations to maximise the value of the data within a streamlined privacy management program.

Controller Obligations

The bill’s most significant changes are to how controllers structure their compliance programmes. Data Protection Officers are to be replaced by Senior Responsible Individuals. ROPAs and DPIAs may not be required anymore, but organisations must still keep records of the personal data they process, and conduct assessments when ‘high risk’ processing is being considered. So what does this all mean for how organisations approach compliance, in practical terms?

Data Subject Rights

The bill expands the factors controllers need to take into consideration when evaluating Data Subject Access Requests. These changes could reduce the financial and logistical burden of responding to requests, but only if implemented properly. Otherwise, they could backfire and open you up to censure by the ICO for violating data subject rights.

Cookies and Electronic Marketing

The government’s ultimate goal is to do away with cookie popups, and the bill starts that process by switching up how cookies can be placed on websites without requiring consent. At the same time, though, the maximum fine for violating the ePrivacy rules is to be increased from 500,000 Pounds to 20 million Euros or 4% of annual worldwide turnover, so clearly it’s important to be exactly sure of how the changes would work!