The government chose the platform of the Queen’s speech to announce a whole raft of changes and new laws. One of these was the ‘Data Reform Bill’. I could almost hear the collective groan of UK business as another change to data compliance was tabled. So, what does it actually mean in practical terms and will be it be very different from GDPR?
What is the data reform bill all about?
Well, that is a very good question. At this stage its actually rather difficult to be precise because there are so few details actually available to be precise about. In essence though this is about amending or changing the current GDPR legislation. So, before everyone who remembers the commotion around GDPR when it was first announced goes off to find a quiet corner to scream in, it’s worth mentioning the intention of these changes.
One of them is to reduce the paperwork burden on business and researchers when it comes to best use of personal data. I think we all welcome any clarification in this area as it has been problematic to say the least.
Other aims are to create a bill that will result in a reduction of what they call ‘box-ticking’ and focus on privacy outcomes rather than what they see as excessive paperwork. There are also a lot of good intentions about increasing competitiveness and getting rid of processes that create burdens for business with little benefit to citizens. This is summarised by the intention to create a ‘Gold Standard’ for data protection. As to what they actually mean though, well we will need to wait a little longer for specifics. Read on, though because there are some things we do know.
Why is this happening?
It is fair to say that the change is primarily because of Brexit. According to government literature the move is to take advantage of the benefits of Brexit and create a new pro-growth and trusted UK data protection framework. When the UK left the EU most of the European laws were just carried over. GDPR was still embedding at the time and to change the law less than 2 years after it was introduced would probably not have been ideal. There has always been an agenda of data reform on the table, and this seems to be a continuation of that.
When will it happen?
Actually, this is a bit of a how long is a piece of string question. The consultation has finished but the actual reforms themselves have not been released in any detail. As these are reforms, not a replacement law, that could speed things up. The full outcome of the consultation will be published in the coming months and from there we can start to guess at a timetable for the changes.
What will it mean for my business?
The current lack of meaningful detail makes it difficult to be precise but there are some elements we can draw conclusions from. The bill refers to enabling public bodies to share data so presumably this means a different approach to data for the police, NHS, social services and so on, than the business community.
When it comes to a more general discussion, we are being told that there will be a culture of data protection rather than box-ticking. What this may mean is a set of outcomes or perhaps principles will be introduced allowing more freedom of interpretation of how they are applied. This could be good in one respect; in that it would allow a reduction in parts of the legislation that are problematic or hard to enforce for certain businesses. However, with the freedom of choice will come more onus on the business to make sure they are following the spirit of the reforms and meeting legislative requirements. Practically speaking, if GDPR worked for your business, then it is likely to still be the case for the Data Reform Bill but probably a compliance check at least and a few policy revisions will be in order. For those businesses for whom this means either changing things to take advantage of new data freedoms or where the new legislation is significantly different than their requirements under GDPR, then it could mean a full review, implementation of new working practices and significant policy change.
Whatever happens we are here to help, and keep you informed. In the meantime, GDPR still applies, so it is always the best option to ensure you are meeting current legislation. Call us and let’s talk about your data protection requirements.