Imminent arrival of new UK Data Protection Law

The Data (Use and Access) Bill is expected to receive Royal assent in the coming days. This blog from Clara Westbrook, Head of Privacy at Arbor Law, delves into this landmark piece of legislation aimed at modernising how data is used and accessed across public and private sectors and what its implications could be for businesses.

 

It’s arrived: The Data (Use and Access) Bill has been passed and is expected to receive Royal assent in the next few days! There was speculation that the bill would likely halt its Parliamentary journey in this session given the number of amendments going back-and-forth between the Commons and the Lords and have to start again ab initio in the next parliamentary session. However, the opposite has happened – it has now been passed, and it is likely to come into a force about one year after the receipt of Royal assent.

My general impression overall is that this new law will make using data a little less burdensome for companies with the aim of promoting economic growth of the UK, considering technological advancement and developments.

A few highlights:

  • One key change, huge for business, is the fining regime for breaches of PECR, which are brought in line with the GDPR fining regime. PECR fines are currently capped at £500,000. That’s a big jump from a maximum of £500,000 to a maximum of 4% of global annual turnover or £17.5 million, whichever is greater.
  • Companies will find dealing with subject access requests a little less burdensome.
  • Reliance on legitimate interests as a lawful basis will become easier for companies.
  • The use of cookies will be less burdensome in terms of consent requirements.
  • Automated decision-making will become less burdensome as the specific consent requirement will be dropped although full transparency regarding automated decision-making will still be required.

So, you may be asking yourself “what should my business be doing in preparation for this new law?” At the moment, it’s business as usual (provided that your business as usual is compliant with current data protection laws!)

The law is not yet in force but it’s a good time to start looking at your data protection practices to assess whether, when the new law comes into force, there are changes that you can make which will benefit your business.

How Arbor Law Can Help you with your data protection requirements

Contact us for advice and support on this or any other aspects of corporate law.

 

About Clara Westbrook

Clara is Head of Privacy at Arbor Law and was called to the Bar at Lincoln’s Inn. Clara spent time working at the Court of Justice of the European Union before becoming a commercial lawyer, specialising in data protection for 25 years and working with some of the world’s biggest brands. During this time, Clara advised businesses on European and English Data Protection law helping them to navigate this complex area in an accessible and commercial way, enabling them to achieve their business objectives in compliance with data protection law.