10 May 2022

The Data Reform Bill 

By Dr Kit Good, Senior Data Protection Advisor

All the news in the run-up was about Prince Charles delivering the Queen’s Speech on his mother’s behalf, but for the data protection sector, the line “The United Kingdom’s data protection regime will be reformed” was the most significant, if long expected. 

The government’s briefing pack gives a two page summary of the ‘Data Reform Bill’ and anyone who has read the 2021 ‘Data: A New Direction’ can see the natural progression of the concepts in that document. 

On one hand the Bill summary describes a new law regime that ‘reduces burdens on businesses’ and ushers in ‘a more flexible, outcomes-focused approach to data protection that helps create a culture of data protection, rather than “tick box” exercises.’ The government’s earlier consultation explored recommendations such as removing the obligations around Article 30 record keeping (the “ROPA”), data protection impact assessments (DPIAs) and removing the requirement to appoint a data protection officer (DPO). Saddle up for a new era of deregulation. 

And yet on the other hand, the Bill also looks to ‘[m]odernise the Information Commissioner’s Office, making sure it has the capabilities and powers to take stronger action against organisations who breach data rules’. A better resourced regulator will surely mean organisations will be called on more often to maintain and produce the means to account for their data processing. To go back to the consultation document, a lengthy passage detailed the introduction of ‘privacy management programmes’, encompassing ‘leadership and oversight, risk assessment, policies and processes, transparency, training and awareness of staff, and monitoring, evaluation and improvement.’ Many data protection professionals will wonder why they hadn’t tried implementing this before. The documentary ‘burden’ is not necessarily going anywhere or, in this form, a bad thing. 

The GDPR is not a sacred text. It’s a principle based legislation which is still being formed and reshaped in caselaw, advice and enforcement. The Data Reform Bill will create a new series of challenges in interpretation and implementation. Some of these will likely be improvements. The bill summary provides a range of eye watering monetary savings, whilst not acknowledging the cost impact of a loss of EU adequacy status or the existing efficiencies inherent in the record keeping and governance procedures the existing law mandates. 

Here at Naomi Korn Associates, we’ll continue to track the developments of the law and help you put in place the practical policies, training and advice you’ll need to keep data protection at the heart of the services you provide. Contact my colleague Jess Pembroke, Head of Data Protection jess@naomikorn.com to find out more. 

Recent News

Photo by Mathew Schwartz on Unsplash
24 March 2023

CILIP Copyright Conference 2023 – Early bird ticket rate ends Friday 31 March

read story
Photo by Andrey Metelev on Unsplash
24 March 2023

Trying to Keep Up:  Art, Museums, A.I., and NFTs 

read story
Credit: Sean Waterman
10 March 2023

NKA at the Association of Cultural Enterprises Conference

read story
22 February 2023

Fair Dealing Week (20 – 24 February 2023)

read story

Back to News