Back on the roundabout or not 

What does the ‘Data Reform Bill’ mean for business?

Making sure that you’re handling and looking after the data in your business correctly is extremely important.  The Government has recently announced that they plan to introduce a “Data Reform Act” which may make changes to the current laws on data protection.  With this in mind I’m delighted to share this guest blog post from  Gayle Parker from Datasense Consulting with you. 

The government chose the platform of this year’s Queen’s speech to announce a whole raft of changes and new laws. One of these was the ‘Data Reform Bill’. I could almost hear the collective groan of UK business as another change to data compliance was tabled. So, what does it actually mean in practical terms and will be it be very different from GDPR?

What is the data reform bill all about?

Well, that is a very good question. At this stage it’s actually rather difficult to be precise because there are so few details actually available to be precise about. In essence though it is about amending, or changing the current GDPR legislation. So, before everyone who remembers the commotion around GDPR when it was first announced goes off to find a quiet corner to scream in, it’s worth mentioning the intention of these changes.

One of them is to reduce the paperwork burden on businesses and researchers when it comes to best use of personal data. I think we all welcome any clarification in this area as it has been problematic to say the least.

Other aims are to create a bill that will result in a reduction of what they call ‘box-ticking’ and focus on privacy outcomes rather than what they see as excessive paperwork. There are also a lot of good intentions about increasing competitiveness and getting rid of processes that create burdens for business with little benefit to citizens. This is summarised by the intention to create a ‘Gold Standard’ for data protection. As to what they actually mean though, well we will need to wait a little longer for specifics.  Read on though because there are some things we do know.

Why is this happening?

I think it is fair to say that the change is primarily because of Brexit.  According to government literature the move is to take advantage of the benefits of Brexit and create a new pro-growth and trusted UK data protection framework. When the UK left the EU most of the European laws were just carried over.  GDPR was still embedding at the time and to change the law less than 2 years after it was introduced would probably not have been ideal. There has always been an agenda of data reform on the table, and this seems to be a continuation of that.

When will it happen?

Actually, this is a bit of a how long is a piece of string question. The consultation has finished but the actual reforms themselves have not been released in any detail.  As these are reforms, not a replacement law,  could speed things up. The full outcome of the consultation will be published in the coming months and from there we can start to guess at a timetable for the changes.

What will it mean for business?

The current lack of meaningful detail makes it difficult to be precise but there are some elements we can draw conclusions from.  The bill refers to enabling public bodies to share data so presumably this means a different approach to data for the police, NHS, social services and so on, than the business community.

When it comes to a more general discussion, we are being told that there will be a culture of data protection rather than box-ticking.  What this may mean is a set of outcomes or perhaps principles will be introduced allowing more freedom of interpretation of how they are applied.  This could be good in one respect; in that it would allow a reduction in parts of the legislation that are problematic or hard to enforce for certain businesses.  However, with the freedom of choice will come more onus on the business to make sure they are following the spirit of the reforms and meeting legislative requirements. Practically speaking, if GDPR worked for your business, then it is likely to still be the case for the Data Reform Bill but probably a compliance check at least and a few policy revisions will be in order.  For those businesses for whom this means either changing things to take advantage of new data freedoms or where the new legislation is significantly different than their requirements under GDPR, then it could mean a full review, implementation of new working practices and significant policy changes.

GDPR still applies, so it is always the best option to ensure you are meeting current legislation

 

Gayle is a Certified International Privacy Professional (CIPP/E) and has helped lots of organisations successfully prepare and implement programmes for GDPR. Her passion is helping organisations protect themselves, their customers and their data from the ever-evolving threats of the digital world – whether that’s through consultancy or practical, hands on training.  She set up Datasense Consulting in 2018 and has worked with hundreds of clients to help them understand how GDPR affects their business.  She has no nonsense, helpful approach that cuts through the jargon and gives organisations practical advice.  Datasense is here to help with all your GDPR and Data Protection requirements.