After the reform Bill was placed on hold in September 2022, the UK Secretary of State for Science, Innovation and Technology introduced the Data Protection and Digital Information (No.2) Bill to the UK Parliament on 8 March 2023. The five-month pause was to allow deliberations between ministers, businesses, and data experts and to provide for, and maintain, data adequacy within the European Union.

The overall objective of the Bill is to codify a simple and business-friendly framework that allows companies more flexibility in their compliance with the new data laws, AKA “cut some red tape”. It seeks to provide businesses with a greater understanding of when they can process data without consent whilst reducing the burden of paperwork when they are already compliant with current data protection legislation.

The introduction of new and revised GDPR legislation, the ministers predict, will save the UK economy £4.7 billion over the next 10 years.

We will need to wait and see where the Bill lands, and any substantive changes (were they to be agreed) will need to ensure that such reforms don’t jeopardise the UK’s adequacy status. The EU will be closely observing matters, and any material deviations from the EU GDPR could cause issues around data flows for UK and EU businesses alike.

Some of the key provisions of the Bill include:

  • the processing of information regarding individuals
  • utilising information to establish facts about individuals
  • access to business and customer data
  • electronic and private communications
  • the use of e-signatures and e-seals
  • the disclosure of information in an attempt to improve public service
  • the oversight of biometric data
  • information standards for health and social care

We will see further discussion regarding this Bill after it passes the Committee stage in the House of Commons, a date for which is yet to be announced. As they say, watch this space...

This article was co-written by Arina Yazdi, Trainee Solicitor.