Data Protection and Digital Information Bill
The government published the Data Protection and Digital Information Bill outlining provisions to amend the existing UK GDPR, Data Protection Act 2018 and Privacy and Electronic Communications (EC Directive) Regulations 2003, with the overall framework based on the GDPR.
The purpose of the Bill is to streamline requirements on UK firms and to provide clarification on existing legislation. The UK’s adequacy with the US may be at risk given the proposed powers for the Secretary of State (relating to standards setting) that may be regarded as impeding the independence of the regulator and should UK reforms diverge significantly from the EU this raises the risk of inhibiting cross border data flows.
Changes PIMFA members should be aware of relate to:
- the role of the data protection officer being replaced by a designated senior responsible individual.
- the Bill proposes powers for The Treasury and the Secretary of State to issue regulations requiring data holders to submit customer and business data – the proposals are similar to provisions in the EU Digital Markets Act.
HEAD OF REGULATORY POLICY AND COMPLIANCE
Click to expand.
Data Protection and Digital Information Bill Timeline