In 2022, the government consulted on plans for data reforms and has now publishing its response to those comments.
It sets out how the Data Reform Bill announced in this year’s Queen’s Speech will strengthen the UK’s high data protection standards while reducing burdens on businesses to deliver around £1 billion in cost savings that they can use to grow their business and boost the economy.
The Data Reform Bill will more clearly define the scope of scientific research and give scientists clarity about when they can obtain user consent to collect or use data for broad research purposes.
The Information Commissioners Office (ICO)
The plans will modernise the ICO i.e. the data regulator, so it can better help businesses comply with the law.
The ICO received 130,000 complaints last year about unwanted calls and messages, but was only able to issue fines totalling £2.8 million.
The ICO will be given more enforcement powers – they will be able to take action over high volumes of unanswered calls by using heavier fines.
Reducing Business Burdens
Data-driven trade generated nearly three quarters of the UK’s total service exports and generated an estimated £234 billion for the economy in 2019.
The European Union’s highly complex General Data Protection Regulation (GDPR) has many positive features in protecting data but it also has drawbacks restricting the innovative use of data.
This bill will remove the UK GDPR’s prescriptive requirements giving organisations little flexibility about how they manage data risks – including the need for certain organisations, such as small businesses, to have a Data Protection Officer (DPO) and to undertake lengthy impact assessments.
It means a small business such as an independent pharmacist won’t have to recruit an independent DPO to fulfil the requirements of UK GDPR, provided they can manage risks effectively themselves, and they will not have to fill out unnecessary forms where the risk is low.
Organisations will still be required to have a privacy management programme to ensure they are accountable for how they process personal data. The same high data protection standards will remain but organisations will have more flexibility to determine how they meet these standards.
Protecting consumers from nuisance calls
The fines will increase from the current maximum of £500,000 and be brought in line with current UK GDPR penalties which are up to four per cent global turnover or £17.5 million, whichever is greater.
Those Annoying Cookies
Currently, users have to give their consent for cookies (the data points which allow sites to remember information about an individual’s visit) to be collected. To do so users have to opt in to cookie collection every time they visit a new site.
If you have any experiences with these scams do let me know, by email.