Earlier today (Tuesday, 7 November) King Charles III held his first State Opening of Parliament, marking the formal start of the parliamentary year and setting out what the Conservative Government hopes to achieve in the year ahead, including proposed legislation and policies.
King Charles’ first King’s Speech as monarch highlighted 21 laws that ministers intend to pass in the year ahead, including sentence reforms, a crackdown on smoking and the proposed phasing out of leaseholds.
Approximately a third of these have been carried over from the previous session, or previously published in some form. Among those carried over is the Data Protection and Digital Information (No.2) Bill.
Originally, the first iteration of the bill had been introduced in 2022 but was paused in October that year as a result of the reshuffling UK Government. Reintroduced in March this year, the legislation is aimed at amending and simplifying the UK’s data protection regime.
Although the proposals contained within the Bill may change throughout the legislative process, in its current form, the bill contains a package of reforms aimed at reducing the burdens businesses face. This includes the creation of a data protection framework that is focused on privacy outcomes rather than box-ticking and providing a clearer regulatory environment.
Changes from the current landscape include abolishing the requirement for a Data Protection Officer (although a Senior Responsible Individual will need to be appointed for any potentially high-risk processing) and additional responsibilities for and a change in structure of the Information Commissioner’s Office, the data protection regulator for the UK.
Background briefing notes from the King’s Speech claim that the Bill “reduces burdens on businesses (especially SMEs), removes unnecessary barriers placed on scientific researchers, boosts the economy by £4.7 billion over 10 years”.
However, while these changes are only aimed at simplification and clarity, it remains to be seen whether or not the UK Government will face challenges in ensuring the UK adequacy decision with the EU—which allows for the free transfer of data between the EEA and the UK—remains intact.
If the EU Commission considers that the UK’s new rules no longer ensure an adequate level of protection, it could potentially terminate or suspend UK adequacy. This would mean that UK organisations would need to rely on other mechanisms to transfer their data to the EEA.
We’ll be keeping a keen eye on how the proposed legislation proceeds.
If you have any questions on data protection and the potential impacts this new law may have on your business in the future, please contact our Commercial Team.