On the 10th September 2021, the Department for Digital, Culture, Media, and Sport (DCMS) released its proposal to reforming UK Data Protection laws, called “Data: a new direction”. The document included removing the need for Data Protection Officers, records of processing activities, and data protection impact assessments. In its place is a concept of a more flexible, risk-based ‘privacy management programme‘.
- Creating a ‘whitelist’ of situations in which the legitimate interest test would apply with having to conduct a balancing exercise, for example using analytical cookies.
- Re-introducing a notional fee for subject access requests, and invalidating vexatious DSARs.
- Implementing a Privacy Management Programme which will require you to define roles and responsibilities within your organisation with respect to data protection, in particular designating an individual responsible for the PMP; demonstrate evidence and support from senior management; implementing processes to monitor and update the programme and check its effectiveness; implement measures to support the programme.
- Making international data transfers of personal data from the UK to 3rd countries more “proportionate, flexible and interoperable”.
- Changes to the role of the Information Commissioner’s Office will involve moving towards addressing the most serious threats posed to public trust.