Consultation on reforms to UK data protection laws

Closing date: 19 November 2021

The Government consults on wide-ranging reforms to the UK General Data Protection Regulation (retained from EU Regulation 2016/679 EU) and Data Protection Act 2018. The proposals include:

  • implementing a more flexible, risk-based accountability framework based on privacy management programmes;
  • clarifying when organisations can rely on their legitimate interests as a ground for processing data;
  • introducing a fees regime for data subject access requests, meaning that individuals seeking access to personal data held by data controllers would have to pay a fee;
  • replacing the requirement to designate a data protection officer with an obligation to identify suitable individuals as responsible for the privacy management programme and overseeing compliance;
  • removing the requirement to undertake data protection impact assessments, so that organisations can adopt a wider variety of approaches to identifying and minimising data protection risks; and
  • reforming record-keeping requirements, with organisations given more flexibility around how they keep records in a way that reflects the volume and sensitivity of the personal information handled.

Consultation document: Data: a new direction