UK Aims to Create More Business-Friendly Data Protection Framework with New Bill
The UK Secretary of State for Science, Innovation, and Technology, Michelle Donelan, presented the Data Protection and Digital Information (No. 2) Bill to the UK Parliament on March 8, 2023.
The Bill was initially introduced by the UK government in July 2022. It was, however, suspended in September 2022.
As per the press release issued by the UK government, the Bill aims to establish a straightforward, transparent, and industry-friendly system that is easy and affordable to put into effect. It will incorporate the most effective components of GDPR while allowing businesses greater leeway in adhering to the new data regulations.
The press release also highlights that the Bill will guarantee the retention of data adequacy with the European Union, which had been a subject of doubt following the initial announcement of the UK's intention to revamp its data protection legislation.
The Bill has several noteworthy features including the introduction of a non-exhaustive list of legitimate interests of a controller, such as direct marketing, the intra-group transmission of personal data, and network and information systems security.
Additionally, organisations only need to maintain records of processing activities that could potentially result in a high risk to the rights and freedoms of data subjects.
The Bill also increases fines for unsolicited calls and texts to up to four per cent of global turnover or 17.5 million GBP, whichever is higher. It also includes a framework for digital verification services and permits the continuation of transfer mechanisms that were lawfully established prior to the implementation of the new regime.