Ryan Gracey Quoted in Compliance Week on UK Data Reform Plans

Tuesday 12th July 2022

Ryan Gracey, a partner at Gordons and technology specialist, has been quoted in Compliance Week on the plans to reform the UK’s data privacy laws.

The government announced that the data reforms will aim to simplify procedures for businesses and reduce ‘red tape’. However, the proposals may clash with elements of the EU’s General Data Protection Regulation (GDPR).

“Enabling organisations to adopt measures less costly and more proportionate…”

Ryan said: “We need to wait for more detail when the actual Data Reform Bill is published, but for now many of the reforms appear a progression to the existing regime rather than a complete overhaul. It is likely businesses already complying with the UK GDPR will not need to make substantial changes to existing measures.

“That said, there are some areas of notable change. Particularly, the new reform to comply with a privacy management programme approach, instead of the ‘one-size-fits-all’ accountability requirements under the current UK GDPR.

“The PMP approach is intended to be more flexible and risk-based. Effectively, enabling organisations to adopt measures less costly and more proportionate to the sensitivity and volume of personal data they actually process.

“The Government’s intention to support trade by adopting a risk-based approach to its adequacy assessments will also be beneficial.  In practice, there should be more countries on the Government’s safe list for transfers of personal data from the UK. Ultimately cutting down on compliance processes and costs for businesses associated with data exporting.

“The reduction to the ICO’s independence is also potentially significant. It could have an impact, particularly in the current political climate, on the EU’s own adequacy findings about the UK which could hinder data flows if it was revoked. Albeit, at this point, the reforms don’t seem to take the UK materially further away from EU standards adopted by other countries where the EU have granted adequacy decisions.”

You can read Ryan’s comment on Compliance Week here.