The revised Government data law was introduced in Parliament on March 8, 2023.
The government has been working on its own version of GDPR since July 2017, when it launched a consultation on how to implement new data legislation. The new Data Protection and Digital Information Bill looks to evolve the UK GDPR which came into effect following Brexit.
The updated Bill has been designed in consultation with business leaders and data experts. The Government expects the reforms to unlock impressive £4.7billion savings for the UK economy over the next 10 years. With SME’s greatly benefitting by lessening the load in terms of bureaucracy.
The government claims the change will reduce needless paperwork for businesses by allowing them to use existing contracts and policies when it comes to obtaining consent for processing personal information – such as marketing emails or phone calls – rather than having to ask people again and again if they wish to continue receiving communications from a company. The Bill seeks to reduce the number of online consent pop-ups, allowing websites to collect data about an individual’s visit.
The Government have also clarified that the updated legislation seeks to maintain data adequacy with the EU, which has been an area for concern since the impending changes were announced.
Richard Hartland, Technical Director at Data8, welcomes the new Bill, “The new bill seems to be a step in the right direction in terms of adding clarity and confidence on how data can be processed, reducing unnecessary bureaucracy, and maintaining the high standards of data privacy that consumers now expect. It is also vitally important that the bill achieves data adequacy with the EU so that the UK can remain an international leader in data processing activities and services.”
Currently, under GDPR, companies must report any data breaches within 72 hours of becoming aware of them. Failure to do so could result in fines of up to €20 million or 4% of global annual turnover.
Some critics claim that the new Data Protection and Digital Information Bill does not extend far enough to protect individuals as it is not as strict as Europe’s GDPR. However, the Bill will increase fines for nuisance calls and texts. These fines are set to be either up to four per cent of global turnover or £17.5 million, whichever is greater.
One of the largest changes will come in the form of a framework for the use of trusted and secure digital verification services. Individuals will be able to create certified digital identities enabling them to prove their identity online quickly and easily.
The new law, if enacted, will come into force on May 25th next year, five years after GDPR was enforced in Europe.