Data reform is on its way
Hopes that the as-yet-unpublished Data Reform Bill will not cause any additional legal and administrative issues or complications surrounding GDPR.
As usual, the Queen’s Speech contained few surprises. However, albeit expected, the proposed reform to the UK’s data protection regime via the soon to be published Data Reform Bill will require careful consideration to ensure that it does not cause additional legal and administrative issues. Reform is always welcome. However, we should tread carefully.
In essence, the unpublished Data Reform Bill is intended to provide the UK with a ‘gold standard’ data protection regime to reduce the burden on business, boost the economy and encourage scientific innovation. It is also intended that the Information Commissioner’s Office will be modernised, for example, to permit it to take stronger action against offenders and be more accountable to Parliament, while it is envisaged that the Data Reform Bill will also increase participation in smart data schemes to permit individuals and small businesses more control over their data and improve access.
The Government’s perceived benefits include:
- increased competitiveness and effectiveness of UK businesses (for example, allowing them to focus on outcomes “rather than box ticking”)
- facilitating the use of data to “empower citizens and improve their lives”
- creating a clear regulatory environment and simplifying rules around research.
Although the potential benefits of the Data Reform Bill are undoubtedly admirable, from a legal perspective any reforms must be carefully crafted to avoid bringing about a loss of our Adequacy Decision from the EU (which facilitates easy data transfer between the UK and the EU) if, for example, the EU considers that our reformed data protection regime does not meet the standards of the GDPR. Any loss of an Adequacy Decision is likely to increase the administrative burden and costs of businesses when transferring data to and from the EEA.
Furthermore, a reformed data protection regime may entail the requirement for parallel data mechanisms within UK businesses which must comply with the UK laws and EU GDPR.
In summary, although reform is often encouraged, in this case, any reforms must take into account the current position with the EU permitting data transfers. We have not yet had sight of the draft Data Reform Bill, so time will tell how it will affect UK businesses… watch this space.
To discuss the data reform announcement and what it means in more detail or to discuss any other issues involving IT systems and data protection, contact our data protection solicitors.