« Back to Blog Homepage

New data protection legislation published to fundamentally alter UK GDPR

UK Parliament and British flag
The UK government has published its response to the data protection consultation

Response to the UK GDPR consultation published

The government have published the draft legislation to amend the data protection regime in the UK. The Data Protection and Digital Information Bill (DPDIB), which was introduced to Parliament just before the summer recess and before the appointment of the new government in September, would modify the existing UK version of GDPR and cause some significant areas of diversion with EU GDPR. Earlier this year, VinciWorks outlined the key changes that were expected to be made. The aim of the new UK data protection legislation is to ease GDPR requirements for companies and make them less burdensome.

What are the key changes the UK data protection bill seeks to introduce?

Among other things, the changes will:

  • amend the definition of personal data
  • use AI to process sensitive data and other information
  • add new legitimate interests
  • remove the requirement for cookie consent
  • amend accountability requirements
  • remove the need to appoint a data protection officer
  • charge fees to access your own data
  • remove record-keeping requirements
  • reform of the Information Commissioner’s Office (ICO)
  • raise fines for PECR breaches

Even though the bill proposes widespread changes, it actually preserves the existing UK GDPR and the PECR, as it was drafted as an amending act rather than a completely new legislative instrument.

In addition, there is a chance that political factors could stymie the bill. If an election is called prior to the bill receiving royal assent, it won’t become law. The UK’s adequacy status with the EU remains a question, even though the government has expressed the opinion it is entirely possible to retain it.

New courses and resources coming soon

VinciWorks is closely following the legislation and will, in the coming weeks and months, be releasing new updated resources, guides and a completely revised UK GDPR course that will reflect the changes and keep you and your organisation aware of everything you need to know about the updated bill. 

Stay updated 

You can keep up with the latest via our blog and through the Regulatory Agenda that we publish, which documents new and important compliance regulations.



Related Articles

GDPR
Biometric crackdown by UK regulator puts focus on big data at work

GDPR
A guide to LGPD in Brazil