Сhanges in the personal data processing

Updated: Jan 27

1 November 2021


The UK government announced a new personal data protection regime. After Brexit, the approaches defined in the GDPR will be changed. Therefore, almost every business in the UK should be ready for such changes.


Please see the main potential changes and we will keep you informed.


Reshaping approach to regulation


Outside the EU, the UK reshapes its approach to regulation and seize opportunities with its new regulatory freedoms, helping to drive growth, innovation and competition across the country.


The proposals aim to deliver an even better data protection regime that will:

  • support vibrant competition and innovation to drive economic growth;

  • maintain high data protection standards without creating unnecessary barriers to responsible data use;

  • keep pace with the rapid innovation of data-intensive technologies;

  • help innovative businesses of all sizes to use data responsibly without undue uncertainty or risk, both in the UK and internationally;

  • ensure the Information Commissioner’s Office (ICO) is equipped to regulate effectively in an increasingly data-driven world.

Proposed changes to the UK GDPR


Some of the proposed changes to the UK GDPR are:

  • Making the legitimate interests’ lawful basis easier to use, by publishing a limited, exhaustive list of legitimate interests that organisations can use without having to complete a balancing test.

  • Removal of the right to human review of decisions made on the basis of solely automated data processing.

  • Introducing a fee for responding to subject access requests and allowing organisations to refuse to comply with requests at a lower threshold than “manifestly unfounded”, as allowed in the current legislation.

Potential changes to the UK’s Privacy and Electronic Communications Regulations


The proposals also introduce potential changes to the UK’s Privacy and Electronic Communications Regulations, including:

  • Increasing the current maximum penalty of £500,000 for breaches of the direct marketing regulations to the higher of 4% of global turnover or £17.5 million, thereby matching the maximum penalty under UK GDPR.

  • Removing the requirement for websites to obtain consent before serving some analytics cookies.

  • Extending the “soft opt in” for direct marketing to organisations other than businesses, such as charities and political parties.

Summary


The review of existing GDPR legislation is now in full swing. There is a public consultation on possible changes until 19 November this year. Most of these provisions are expected to receive support and to be implemented.


Lef Changes in the protection of personal data
.pdf
Download PDF • 1.57MB

For further information on any of the points above contact

Mikita Makayou at mikita@lexefiscal.com, or

Dr. Frank at clifford.frank@lexefiscal.com.

6 views0 comments

Recent Posts

See All

Thanks for submitting!