The government is updating the current data protection framework, and a new Bill outlining the proposal was introduced on 18 July 2022.
The new Data Protection and Digital Information Bill will address issues identified by users of the current framework, by setting out clear guidelines.
The UK GDPR and the Data Protection Act 2018 lays out strict policies to ensure organisations’ compliance.
However, some issues point to uncertainty, barriers and unnecessary burdens on businesses and consumers.
Removing uncertainty, barriers, and unnecessary burdens
To support innovation and growth, several amendments have been made to the current data protection framework. The government proposes to:
- remove the requirement to complete Data Protection Impact Assessments (DPIAs) in relation to high-risk processing activities and consult with the ICO if risks are identified. However, organisations are encouraged to undertake DPIAs and consult with the ICO when appropriate;
- extend the ‘soft opt-in’ by allowing organisations to contact non-commercial organisations – charities and political parties for example – as well as customers by email or text if a relationship exists through a previous purchase. This will promote democratic engagement and have societal benefits; and
- amend the current threshold in responding to subject access and vexatious requests by charging a reasonable fee to comply with it or refusing the request all together when it is “vexatious or excessive”. Previously the threshold was “manifestly unfounded or excessive.” This will prevent requests from affecting the normal function of an organisation’s time, energy, or finances.