This Bill aims to make changes to the UK General Data Protection Regulations (UK GDPR) and to introduce several significant data protection and ePrivacy reforms.
Key proposed changes:
- removing the traditional role of Data Protection Officer and to replace it with ‘Senior Responsible Individual’ (SRI)
- remove the requirement to complete a data protection impact assessment – although risks must still be identified and managed but on a risk based approach
- require only controllers or processors of data that is likely to result in high risk to the rights and freedoms of individuals, to keep and maintain records
- the Regulator, the Information Commissioner’s Office, will be replaced by the Information Commission and supported by a statutory Board, with a Chair and Chief Executive
- remove the requirement for non-UK based controllers and processors to appoint a UK representative
- remove the current test threshold “manifestly unfounded or excessive” when managing subject data access requests and replace with “vexatious or excessive”. Examples quoted in the Bill include requests that are intended to cause distress, not made in good faith or are an abuse of process.
WE’RE HERE TO HELP
If you need help navigating these changes in your workplace, our expert team can help. Contact us on 0844 324 5840 or get in touch with us here.
