Home Data Protection Key Changes in the Revised UK Data Protection and Digital Information Bill

Key Changes in the Revised UK Data Protection and Digital Information Bill

by delta
0 comment

The UK Government recently released the Data Protection and Digital Information (No. 2) Bill on March 8, 2023. This updated version aims to reform the current data protection framework in the UK and is part of a broader package of legislative change designed to maximize the benefits of Brexit. The previous version was published in July 2022 but was put on hold by then-Prime Minister Liz Truss last September.

The original draft of the bill aimed to incorporate the UK’s GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 to promote innovation, reduce compliance burdens for businesses, and maintain the UK’s proper status under the EU General Data Protection Regulation. The proposed amendments included changes related to legal basis, data subject access requests, accountability, international data transfers, and cookies.

Key changes in the revised UK Data Protection and Digital Information (No.2) Bill:

  • Definition of scientific research: The new bill retained the proposed definition of scientific research from the previous version but added further clarifications. The new definition includes scientific research for “transported commercial or non-commercial activities.”
  • Recognized legitimate interests: The revised bill maintains the concept of “authorized legitimate interests” introduced in the previous version. This means that processing activities are automatically deemed to satisfy the balancing of legitimate interests test, providing greater certainty to controllers intending to rely on this legal basis. The new bill also confirms that legitimate commercial activity can be a legitimate interest.
  • Record of processing: The revised bill removes the exception to the recording of processing requirements for organizations employing less than 250 employees. The recording of processing now applies to activities that may pose a high risk to the rights and freedoms of the data subject. The new bill also requires the Information Commissioner to publish a document containing examples of the types of processing that may pose a high risk to individuals.
  • Automated decision-making: The revised bill expands on the previous version’s regulation of automated decision-making. It adds a provision that the Secretary of State may, by regulation, prescribe whether there is meaningful human involvement in decision-making.
  • International data transfer: The new bill allows transfer mechanisms entered into before the bill’s entry into force to remain valid and allows companies to use existing international data transfer mechanisms to transfer data already transferred to third countries.

The revised bill will now go through the legislative process and start its “second reading” in the House of Commons. The date for the second reading has not yet been announced.

DELTA Data Protection & Compliance, Inc. Academy & Consulting – The DELTA NEWS – Visit: delta-compliance.com

You may also like

Leave a Comment


Delta-Compliance.com is a premier news website that provides in-depth coverage of the latest developments in finance, startups, compliance, business, science, and job markets.

Editors' Picks

Latest Posts

This Website is operated by the Company DELTA Data Protection & Compliance, Inc., located in Lewes, DE 19958, Delaware, USA.
All feedback, comments, notices of copyright infringement claims or requests for technical support, and other communications relating to this website should be directed to: info@delta-compliance.com. The imprint also applies to the social media profiles of DELTA Data Protection & Compliance.

Copyright ©️ 2023  Delta Compliance. All Rights Reserved

Newsletter Signup

Subscribe to our weekly newsletter below and never miss the latest product or an exclusive offer.