The UK Announces a Data Reform Bill
On May 10, 2022, as part of the Queen’s Speech, the UK government announced its intention to introduce a Data Reform Bill.
In September 2021, the UK government launched a consultation on the existing data protection regime titled “Data: a new direction”. This was the first step in delivering the government’s National Data Strategy, which hopes to “create a pro-growth and pro-innovation-friendly data protection regime whilst maintaining the UK’s world-leading data protection standards.”
Data protection laws have evolved significantly over the years. The Data Protection Act 1998 was superseded by the General Data Protection Regulation (GDPR) 2016, which required substantial openness and transparency around the use of personal data.
Following Brexit, a new domestic data protection law titled the UK GDPR took effect in January 2021. It sits alongside an amended version of the Data Protection Act (DPA) 2018, governing the processing of personal data about individuals located within the United Kingdom.
The announcement of the Data Reform Bill could be another huge shake-up for UK organisations processing personal data.
What we know so far
The Data Reform Bill hasn’t been published yet, but it is likely to deviate from the EU’s data protection regime. This may affect the UK’s adequacy decision, which allows the flow of personal data between the European Economic Area and the UK without the need for additional measures such as International Transfer Agreements.
From the consultation and notes from the Queen’s Speech, we gathered some key facts:
- The UK GDPR and the Data Protection Act 2018 are seen as “highly complex and prescriptive” laws that impose excessive administrative burdens on businesses while providing little benefit to citizens.
- The reform would move away from the “one-size-fits-all” approach and allow organisations to demonstrate compliance in ways more appropriate to their circumstances.
- The Bill will seek to provide the Information Commissioner’s Office (ICO) with the power to take stronger action against businesses that breach data rights.
- It will focus on a flexible, outcomes-focused approach to data protection rather than “box-ticking” exercises.
- The government wants to simplify the rules relating to the use of personal data for research purposes, to promote the UK as a science and technology superpower.
- The ICO will be required to create an exhaustive list of data processing activities that can rely on the legitimate interest legal basis. For those activities not listed, an assessment would be required.
How the Reform Bill may affect charities
The consultation proposes many changes to data protection law in the UK. The ones we believe will impact charities include:
- An exhaustive list of data processing activities where legitimate interest can be used as a legal basis will be extremely useful for charities, as it may cover some of the activities they undertake, such as postal marketing.
- A proposal to extend the ‘soft opt-in’ to electronic communications to non-commercial organisations, such as political parties and charities, could mean that charities are able to communicate their services to individuals who had not previously engaged with them.
- Monetary penalties for breaches of the Privacy and Electronic Communication Regulation 2003 (PECR) may be increased so that they are in line with the current UK GDPR. The fines under the UK GDPR can be up to £17.5m or 4% of the organisation’s global turnover.
Regardless of any changes to data protection law, the Smartdesc Information Governance team are here to assist you in your journey to data protection compliance and have a variety of services on offer to meet your organisation’s needs. These include our recently launched Data Protection Officer (DPO) service, which takes the burden of the internal DPO and puts it on the shoulders of a team who have a combined experience of over ten years in helping charities comply with data protection legislation.
Smartdesc is an IT Service Provider and Microsoft Gold Partner for the charity, non-profit and public sector. We are an ACEVO Premium Partner, NCVO Trusted Supplier and CFG partner.
We are always happy to talk through your organisation’s IT challenges or IT plans and offer free Charity IT Tech Reviews and complimentary IT Consultations for NCVO, ACEVO and Charity Finance Group members.