The Department for Digital, Culture, Media and Sport (DCMS) has recently published its response to the consultation on data protection reform (which we previously wrote about here). For those disappointed by the lack of detail in the Queen's Speech on the Data Reform Bill, this response provides a clearer picture of UK data protection reforms to come – which measures the UK Government is taking forward, which it is dropping and which it needs to consider further. For the detail, we'll need to wait for the text of the draft Bill itself.
This briefing looks at the likely impact on businesses of the principal changes (as well as those changes that didn't make the cut). The consultation is broken down into 5 chapters: reducing barriers to responsible innovation; mitigating burdens on businesses and delivering better outcomes for people; minimizing barriers to data flows; improving public services (which we do not cover in this briefing); and reform of the ICO.
"A clampdown on bureaucracy, red tape and pointless paperwork" (according to the DCMS). Perhaps. The good news for those who have invested heavily in complying with UK GDPR is that, if you are already compliant, you are unlikely to have to make substantial changes in order to remain so, as the changes proposed here are incremental to the existing regime, not a seismic shift. It also looks likely that those subject to both the UK GDPR and the EU GDPR, wishing to take a harmonised approach across their business, should (broadly) be able to satisfy the requirements of both regimes by adhering to the EU GDPR standard.