We are sharing this update from ACCA, our professional body, for the interest of clients and contacts. The content is (c) ACCA
Businesses and other organisations are bracing themselves for proposed changes to UK data protection rules, which are currently modelled on the EU’s General Data Protection Regulations (GDPR)
Proposals, still subject to confirmation, include:
- changing the rules to enable better digital innovation in artificial intelligence, science research and other key areas
- reducing compliance requirements – for example, current record-keeping obligations, the need to carry out Data Protection Impact Assessments, and the obtaining of consents to use of cookies. The proposals also include changes to the scheme under which individuals can request copies of data held on them – the ‘data subject access request’ scheme
- making it easier to send individuals’ personal data abroad, and vice versa
- allowing government departments to share personal data if it is to improve delivery of their services
- changing the role and powers of the Information Commissioner’s Office.
If the changes are sufficiently different from EU obligations, the current recognition by the EU of the UK rules as ‘adequate’, which allows data to flow freely between the UK and EEA member states may end. UK businesses which operate in both will need to comply with both regimes.
Organisations should monitor the government proposals, and start planning and costing changes needed as the new rules become clearer. Find out more about the government’s recent data protection consultation on the GOV.UK website.