An hour and a half webinar to discuss the impact and implications of the Data Protection and Digital Information Bill for organisations that process personal data.
No events to show
After a year of consultations, the UK government finally laid its data protection reform bill before parliament. Now the bill is here, we would like to share our thoughts, and have open discussions, about what significant impacts there might be for organisations that process personal data. We aim to cover the following areas:
Principles And Lawful Ground of Processing
The bill makes very significant changes on how organisations can process personal data on the basis of 'legitimate interests', and also how personal data can be leveraged for new purposes. Both changes provide new opportunities for organisations to maximise the value of the data within a streamlined privacy management program.
The bill's most significant changes are to how controllers structure their compliance programmes. Data Protection Officers are to be replaced by Senior Responsible Individuals. ROPAs and DPIAs may not be required anymore, but organisations must still keep records of the personal data they process, and conduct assessments when 'high risk' processing is being considered. So what does this all mean for how organisations approach compliance, in practical terms?
Data Subject Rights
The bill expands the factors controllers need to take into consideration when evaluating Data Subject Access Requests. These changes could reduce the financial and logistics burden of responding to requests, but only if implemented properly. Otherwise, they could backfire and open you up to censure by the ICO for violating data subject rights.
Cookies and Electronic Marketing
The government's ultimate goal is to do away with cookie popups, and the bill starts that process by switching up how cookies can be placed on websites without requiring consent. At the same time though, the maximum fine for violating the ePrivacy rules are to be increased from, 500,000 Pounds to 20 million Euros or 4% of annual worldwide turnover, so clearly it's important to be exactly sure of how the changes would work!
Our Panel of Experts:
Nigel Gooding is the Founder and Executive Chair of DPAS, the Data Strategy, Data Compliance and Data Training experts. Nigel has a wealth of hands-on application of Data Compliance in 10 Local Authorities, National NHS Organisations, Education and Central Government.
Ademola Adekunbi (Kunbi) has over 6 years of experience in information governance. He is the lead subject matter expert for the International Data Transfer Advisory Service, providing legal and practical support in managing international data transfers, and the management of the information security obligations of the processing of Data Processors and Sub-processors based outside the UK and EU.
Andrew MacQueen is a trainee solicitor at Thorntons Law LLP and lecturer in law (data protection and cybersecurity) at Robert Gordon University. Prior to training as a solicitor Andrew was the global head of data protection at John Menzies plc responsible for the Group’s global data protection compliance programme. Andrew is also a doctoral candidate focussing on the accepted principles of professionalism and how these apply to the role of the DPO as defined under the EU GDPR.
Emily Aggett is a data protection specialist at Michelmores, with over 12 years experience in resolving contractual, commercial and employment disputes, locally, nationally, and internationally.