GDPR and Digital Information Bill Summary
After tabling and then withdrawing the initial data protection reform bill, the revised Data Protection and Digital Information (No. 2) Bill (“the Bill) is now making its way through the parlimentary channels. The second version of the Bill provides some additional clarifications on its predecessor. It aims to make navigating and complying with the data protection regulations easier and clearer for businesses.
Thousands of organisations spent millions of hours and pounds on complying with the GDPR when it was first enforced over 5 years ago. It will therefore be a relief to many that the Bill does not create a new data protection framework. It instead amends the existing UK GDPR, Data Protection Act 2018 and PECR.
Changes to the UK GDPR & Data Protection Act 2018
The Bill providing for the changes to the UK’s data protection framework extends to 220 pages. One of the main issues with the Bill amending the existing regulations instead of replacing it is that organisations’ will need to cross-reference the three publications to understand what changes are being made. However, the good news is that for firms’ who are already compliant with the UK GDPR, there will be no additional introductions to the fraemwork. Instead the amendments provide clarifications, additional context and in some cases, aim to reduce the existing compliance workload.