Following its airing at the recent King’s Speech the much-discussed Data Protection and Digital Innovation Bill (DPDI) will have its ‘remaining stages’ in the House of Commons on 29 November.
There are 21 possible amendments to the Bill all most of which have been referred to as ‘common-sense’ and it is expected to fly through parliament, meaning it is likely to become law early next year.
The DMA supports the ratification of the Bill having been heavily involved in shaping many of its elements. Key differences to GDPR include:
- How personal data is defined
Under DPDI information will only be considered as identifiable by a person other than the controller or processor if that other person obtains the information as a result of the processing.
- Data for Subject Access Requests
The current threshold for refusing or charging for SARs will be lowered bringing it in line with the Freedom of Information Act
- Data hygiene
GDPR mandates data accuracy, however, it doesn’t explicitly focus on data hygiene, DPDI will do so
- Legitimate Interest
There will be greater clarity around legitimate interest meaning that more businesses will be able to use it as a lawful basis for marketing
- Soft opt-in
Soft opt-in will be extended to charities
- Privacy management
Organisations will be required to implement a privacy management programme
- The ICO
The governance structure and powers of the ICO will be reformed and transferred to a new body, the Information Commission.
- Higher fines for electronic communications
Fines of up to £17m or 45 percent of global turnover will be levied for electronic marketing infringements
- DPIAs
Data Protection Impact assessments will no longer be mandatory – but organisations will need to have an alternative risk process in place if they chose not to do carry out a DPIA
The proposed changes aim to strengthen data protection measures, facilitate responsible data sharing, empower individuals, promote ethical AI, and align with global standards. By doing so DPDI will help to ensure that data protection regulation is adaptable and responsive to the challenges and opportunities presented by the digital age.
Data protection reform is always unsettling – we all remember the implementation pain (and ongoing ache) associated with the introduction of GDPR. However, in contrast, DPDI has been designed to make it easier for organisations to manage the personal information of their customers. For further information about how the changes might impact you please do get in touch! Otherwise, let’s see what this week will bring!