It’s been 3 years since the mad panic that businesses went through to get their house in order for the introduction of the Data Protection Act 2018. In that time, technology had already moved on with the digital sector now being worth £151bn. 

We have also left Europe which resulted in us having to prove that we had the same data protection standards as the rest of Europe, even though we had implemented exactly the same laws as the rest of the countries.

And now it is all going to change again!

The Government has recently closed a consultation that aims to change the Data Protection regulations in the UK.  The changes seek to minimise the regulatory burden on businesses which is great news but at the same time this has to be balanced with the amount of data that is out there on all of us, our likes, our dislikes, our health and even our DNA.  With all this data out there cybercriminals are finding new and sophisticated ways in which to obtain the data.

The solution needs to be proportionate to these two sides as well as being easy to navigate for the average small business.

The proposals fall broadly into 5 categories:

1. Boosting trade and reducing barriers to data flows
2. Reduction of administrative burdens on businesses
3. Reduction of barriers to responsible innovation
4. Delivery of better public services
5. Reform of the Information Commissioners Office (ICO)

These proposals include introducing a flexible and risk-based approach which would require a business to put in a privacy management programme that would reflect the type of personal data and type of processing an organisation does.  Therefore, if you are processing sensitive data; health, ethnicity or criminal convictions, you would need to demonstrate a higher level of security.

Some of the other suggestions include taking away the need for a Data Protection Officer, having a Record of Processing Activities and carrying out Data Protection Impact Assessments however you would still need a designated person in the organisation who is able to make risk-based assessments on data processing.

They would also like to place less emphasis on using consent to process data and instead use legitimate interest.

It is not clear yet when these changes will take place and what the impact will be on the ‘adequacy’ decision we have from Europe but it will mean one, thing data protection rules are changing. 

Datasense is here to help you navigate this ever-changing landscape, to keep up-to-date, sign up to our newsletter https://bit.ly/3HWxMQN