The new laws set out government proposals in relation to, for example, senior responsible individuals, data protection officers and impact assessments. They also:
- Remove the requirement for a UK representative.
- Include examples illustrating when processing of data is necessary for the purposes of ‘legitimate interests’, such as for direct marketing purposes and for transfers within groups of companies.
- Ease the requirement to keep a record of processing of personal data such as health information, so the requirement only applies to processing which is likely to result in a high risk to individuals’ rights and freedoms in the circumstances. The Information Commissioner must, under the new rules, publish examples of such processing to help organisations comply.
The proposals also include changes in areas such as the definition of scientific research – so that commercial organisations, not just academics, will be free to reuse research data – and automatic decision-making, to facilitate developments in artificial intelligence.
Fines for nuisance calls and texts are set to increase, the need for cookie pop-ups is to be reduced, and rules are to be introduced for optional digital ID verification.
Organisations outside the UK will also have to apply the new rules if they provide goods or services to individuals in the UK.
UK individuals, businesses and other organisations that sell goods and services into the EU must continue to comply with EU data protection laws in relation to those goods and services where they apply, as well as the UK rules for their goods and services provided in the UK.
On a larger scale, the EU currently recognises the UK’s data protection regime under its adequacy rules. However, it is due to review the UK’s adequacy status in June 2025. If the EU decides to withdraw recognition because it considers the new rules diverge too much from its own data protection laws, that may mean restrictions on the transfer of personal data between the EU and the UK.
Operative date
- To be confirmed
Recommendation
- Those affected should monitor progress of the proposed new rules through Parliament, and review/plan changes to their existing processes, policies and structures accordingly as the final form of the new laws becomes clear.
This article from Atom Content Marketing is for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.
Copyright © Atom Content Marketing
ICAEW Business Advice Service
Grow your business with trusted business advice. We connect entrepreneurs, start-ups, and SMEs with ICAEW regulated accountancy firms who will provide a free initial consultation without obligation.
About Legal Alert
Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business.