You might be wondering what's happening with UK data protection laws now, especially after the change in government and potential reforms.
Data protection law is fast-moving with several proposed reforms to data protection law. In this update, we’ll explore the current state of play with data protection law in the UK and what your business needs to know.
What are the current UK data protection laws?
If your business processes personal data, you need to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The purpose of these laws is to make sure personal data is handled lawfully, fairly, and transparently. I
It is crucial to stay compliant with these rules to avoid negative implications for your business, such as regulatory enforcement action by the Information Commissioner’s Office (ICO) and damage to your business's reputation.
What was the Data Protection and Digital Information Bill?
You may have heard of the previous government’s plans to change data protection laws in the UK.
The Data Protection and Digital Information Bill (DPDI Bill) was a prospective new law which aimed to make data protection compliance in the UK simpler. Its plans included reducing record-keeping requirements for low-risk data processing, replacing Data Protection Officers with Senior Responsible Individuals, and changing cookie laws.
However, the DPDI Bill didn't pass in the ‘wash up’ process before the May 2024 general election. What does this mean for your business? You must continue to comply with the existing UK data protection laws for now. However, some elements of these plans may be resurrected following the King’s Speech, as we explore below.
What does the future hold for UK data protection laws?
Even though the DPDI Bill didn't make it through the parliamentary wash-up session, the new UK government is showing commitment to introducing certain data-related laws.
The King’s Speech on 17 July 2024 presented several new legislative plans in the pipeline for the next parliamentary session, including:
A new Digital Information and Smart Data Bill
This bill aims to create a regulatory framework suitable for the modern digital environment, aiming to reform data sharing and standards. It will introduce digital verification services, implement smart data schemes, and modernise and strengthen ICO powers. It remains to be seen whether the new government will now seek to revive some elements of the old DPDI, although this is expected to be the case, and we continue to watch this space.
Cyber Security and Resilience Bill
This bill aims to strengthen the UK's cyber security framework and is expected to update The Network and Information Systems regulations, increasing the scope to safeguard more digital services and supply chains. It aims to enhance protections for critical infrastructure and public services and increase regulatory powers. This is a welcome development as cyber security is an increasing threat to businesses, with several high-profile cyber attacks recently hitting the headlines, which we outline here [LINK].
AI Legislation
While anticipated, no specific artificial intelligence (AI) legislation was announced. However, the government has expressed an intent to develop AI regulations in the future.
They have committed to establishing appropriate legislation that will impose requirements on developers of the most advanced AI models. Given the high-profile nature of AI regulation, we’re keenly awaiting further details on the government’s regulatory plans in this rapidly evolving field.
The King’s Speech did introduce a Product Safety and Metrology Bill, aimed at addressing new product risks and opportunities. This bill is designed to keep the UK abreast of technological advancements, including AI, suggesting a broader approach to tech regulation.
Businesses will need to await further information and see these new prospective laws to fully understand their impact and what they could mean in practice.
What should your business do now?
Your business must continue to adhere to the UK GDPR and Data Protection Act 2018. While there's no current indication of wholesale reform, new bills may supplement existing data protection laws.
Ensure your data processing practices remain compliant by keeping privacy policies and procedures up to date, following the latest ICO guidance, and training your teams on recent developments affecting your operations.
Stay informed and prepared for potential new data protection and cyber security compliance requirements as the government progresses with legislative reforms.
The government’s proposals in the King’s Speech are a promising start, but they have a long way to go before becoming law. We're closely monitoring developments and will provide updates on how these new bills may impact UK data protection law.
Given the constant evolution of data protection laws, we understand the challenges of staying compliant while running your business. Our data protection legal experts are available to help you navigate these changes and ensure your business remains compliant and forward-thinking. Don't hesitate to contact us for advice.
Related articles
How can we help?
To access legal support from just £145 per hour arrange your no-obligation consultation today. We aim to respond to all messages received within 24 hours.
Call 0800 689 1700 or email
enquiries@harperjames.co.uk.
