Please note that this Bill is not in force yet; iubenda will keep you informed of any changes and our products will be aligned with any updates made.
Update: The UK government released a proposal for different laws and guidelines for AI and machine learning. See here for more on the UK Data Reform Bill and AI Regulation.
The revisions include, among other things, a revamp of the national DPA (ICO) and a restriction on the number of rules that can be applied to:
The UK government has long claimed that the GDPR’s lack of clarity made obtaining consent from individuals
“a box-ticking process”
with the current approach disproportionately burdening small enterprises.
The government has intimated that the Data Reform Bill will eliminate the requirement for organizations to obtain explicit consent before processing personal data on every occasion; however, it hasn’t specified how this will be implemented. The new data protection guidelines, however, will be based on results rather than the letter of the law, according to the report.
“The government emphasizes the need to remove unnecessary barriers to cross-border data flows, notably by advancing an ambitious program of sufficiency evaluations,” according to the report.
The United Kingdom has expressed a desire to form new data partnerships with countries such as the United States, Australia, Singapore, and the Republic of Korea. This has raised concerns in Brussels; if EU-UK data flows continue in lockstep, EU citizens’ data may be transferred to third countries with relaxed privacy standards.
Additionally, nuisance call companies might face fines of up to £17.5 million. The maximum financial penalty for cold callers will be increased from £500,000 in accordance with the GDPR (PECR).
Some organizations will not need to designate a data protection officer (DPO) or complete data protection impact assessments (DPIA) when developing new products or services under this new method.
On the other hand, organizations will still need to implement a privacy management program to guarantee they are held accountable for handling personal data.