The UK Government has disclosed details of its intention to introduce new, business-focused data protection laws in its latest ‘clampdown on bureaucracy’.
The proposals, which were announced at the end of London Tech Week this week, plan to reform the UK’s current data protection laws, offering businesses wider flexibility in how they obtain consent to use a customer’s data.
The arrival of these reforms would do away with most of the European Union’s general data protection regulation (GDPR), which was introduced four years ago and requires businesses to adhere to complex ‘box-ticking’ exercises, and limits how businesses are able to use the data they colllect.
The prescriptive one-size-fits-all requirements of GDPR add an extra level of burden to businesses in certain cases, including the requirement for some small businesses to have a data protection officer and engage in time-consuming assesments.
The new UK GDPR means that these businesses now won’t have to bring in this officer, so long as they’re able to manage the risks effectively themselves, whilst the amount of paperwork and red tape has also been reduced.
However, businesses will still have to complete a privacy management programme, so that they can remain capable of processing data correctly while ensure that they’re able to meet the requirements of the reforms.
It’s hoped that this announcement will be a big plus to British business and commerce, with the Governemt putting forward analysis from the department for digital, culture, media and sport (DCMS) when it goes on to state how such a move could save businesses £1billion over a 10 year period.
In addition to cleaning up data consent, the bill also redefines how businesses are able to market to new customers, preventing them from contacting customers without their consent.
The bill has increased fines for breaching the UK’s existing privacy and electronic communications regulations (PECR). Instead of a £500,000 fine, being the current maximum, businesses that send out nuisance calls and texts can expect to pay £17.5million or four per cent global turnover, whichever is greater.
It will allow customers to automatically opt-out of cookies and annoying pop-ups when they’re browsing the internet – a great relief for everyone – being the general theme of the PECR update.
The reform wiill also introduce the information commissioner’s office (ICO), the UK’s primary data regulator, to a new chair, chief executive and board, shifting the regulator from a task-based to an obejctive-based focus.
The ICO will develop new, business-specific statutory codes and guidance, sharing the most effective ways to use and store data. This will make the ICO more dynamic and bring it closer to the businesses it works with, while also encourging regulators to be held accountable for their actions.
Data has become the backbone of fintech and financial services, with consumers depending on its use to power the apps and services they use and engage with every day. For businesses, data allows them to make better and more informed business choices, while being able to offer services that are more tailored and appropriate for they consumers.
The announcement included how data-driven trade generated nearly three quarters of the UK’s total service exports and generated an estimated £234billion for the economy in 2019.
Digital secretary Nadine Dorries recognised the reformation of the UK’s GDPR as “an important step in cementing post-Brexit Britain’s position as a science and tech superpower,” going on to explain that “our new data reform bill will make it easier for businesses and researchers to unlock the power of data to grow the economy and improve society, but retains our global gold standard for data protection.
“Outside of the EU we can ensure people can control their personal data, while preventing businesses, researchers and civil society from being held back by a lack of clarity and cumbersome EU legislation.”
The move is poised to allow UK businesses to use data in a way that more effectively meets their needs as a busssiness, and the needs of their customers through the creation of more personalised services. It will foster a new attitude to data research and the application of that research, as well as encourgaing the UK to form new international data partnerships.
Speaking on his support of the ambition of these reforms, UK information commissioner John Edwards said in the announcement: ‘Data protection law needs to give people confidence to share their information to use the products and services that power our economy and society.
“The proposed changes will ensure my office can continue to operate as a trusted, fair and impartial regulator, and enable us to be more flexible and target our action in response to the greatest harms.
“We look forward to continuing to work constructively with the government as the proposals are progressed and will continue to monitor how these reforms are expressed in the bill.”
Offering an insight from an industry perspective, Jon Baines, senior data protection specialist at Mishcon de Reya LLP, comments: “The proposed reforms to data protection law are very significant for individuals and organisations and will no doubt be the subject of much parliamentary debate before they are passed.
“The government is not taking forward a lot of the proposals it mooted last year, but this is still a major proposed set of changes. Many of the proposed reforms are clearly intended to be business-friendly.
“The UK will, though, keep the current UK GDPR framework, which is strongly tied to the EU’s GDPR. There is still a risk, though, that the European Commission will see some of the changes as a ‘step too far’ and lead it to review the current ‘adequacy’ framework permitting free transfer of personal data between the EU and the UK.”
