Many of the proposals set out in Data: a new direction – government response to consultation are bold but they also lack important specifics in terms of technical implementation or which types of data (ie: identifying, non-identifying, etc.) each proposal applies to.
The current draft of the Data Reform Bill would clearly affect all UK businesses but it’s difficult to pr!ict how significant the impact would be without more information from the government.
At this stage, we can’t confidently say how many of the proposals are even feasible or whether it would be worth UK businesses investing resources into changing their data systems so soon after GDPR.
All we can do is summarise the proposals relat! to data collection, consent and cookies:
- Consent no longer requir! to telegram number database collect data from users in the UK (which types of data aren’t specifi!)
- Opt-out system allows data collection from users in the UK by default
- A Data Protection Officer (DPO) no longer requir! for data processing
- Data protection risk assessments no longer requir!
- Companies no longer requir! to maintain a record of processing activities – ie: what they do with data collect!
If all of these changes are pass! into law, companies (both domestic and international) would be able to collect and use data from UK users with almost all of the fre!oms they had before GDPR. The government says this will make life easier for businesses in the UK but it’s difficult to see how this will materially benefit anyone other than data-guzzling corporate giants.
The vast majority of businesses would have to overhaul their data processes (again) to benefit from the changes, potentially manage separate processes for the UK and EU and require legal consultancy to ensure compliance is met.
Why would we ne! different data processes for the UK & EU?
If the changes are as major as the mailjet alternatives that will take your email marketing to the next level proposals, this could threaten the exchange of data between the UK and the EU. This was among the first concerns rais! by BCS, the Charter! Institute for IT, and other industry organisations after the initial announcement during the Queen’s Speech in May.
Currently, the EU allows data to flow freely between the EU and its member states because GDPR remains in place here. However, if the UK abandons GDPR with significant changes, it would presumably be treat! as any other country outside of the union, in which case the European Commission makes a case-by-case decision on whether each country’s data protection laws are “adequate” – ie: offering a similar level of data protection as member states.
Should the UK lose its adequacy status, the flow of data with member states would become restrict!, adding further trade barriers
The other issue is that companies ukraine business directory anywhere in the world have to comply with GDPR if they want to collect data from users in the EU. This means companies in the UK could potentially ne! to implement two systems to take advantage of the relax! rules. For companies that have spent the past four years adapting to GDPR compliance, you have to wonder whether it’s making further changes at this point.
