UK Data Protection Reforms via the Data Protection and Digital Information Bill

Since its introduction in May 2018, the GDPR (General Data Protection Regulations) have been a complex and burdensome piece of legislation that many UK employers have struggled with but with the freedoms afforded to the UK in a post-Brexit environment, the UK Government has seized the opportunity to update and simplify the UK GDPR and Data Protection Act 2018 (DPA 2018) with a view to reducing burdens on organisations, while still maintaining high data protection standards.

GDPR Regulations

The Data Protection and Digital Information Bill (Bill 143 2022-23)

On 18 July 2022, the much-anticipated Data Protection and Digital Information Bill (Bill 143 2022-23) was introduced into Parliament, following publication of the government’s response to its consultation, Data: a new direction.

The Bill aims to introduce more flexibility and makes provision for a variety of measures relating to personal data and other information, including digital information.

There are numerous proposed changes, which include:

  • Reforming the ICO.
  • Changes to PECR, relating to cookie rules, unsolicited direct marketing and communications security (for example, network traffic and location data).
  • Clarification of the rules on international transfers and cross-border flows of personal data.
  • Establishing a framework for the provision of digital verification services.
  • Changes to Part 3 (law enforcement) and Part 4 (processing by the intelligence services) of the Data Protection Act 2018.
  • Changes to police use of biometrics.

Explanatory notes (Bill 143 EN 2022 23) were also introduced into Parliament, although they do not form part of the Bill and have not been endorsed by Parliament.

The second reading is scheduled to take place on 5 September and further stages will be announced on Parliament’s Stages webpage.

Do You Need Assistance?

The specialist employment law team at Employment Law Services (ELS) LTD have extensive experience in advising UK Employers on their legal obligations in respect data protection to ensure compliance.  If you have any queries about your legal obligations you can call us on 0800 612 4772, Contact Us via our website or Book a Free Consultation online.

Coronavirus & Data Protection Issues | Key Questions for Employers Answered

Data Protection is often a minefield for Employers at the best of times but what Data Protection issues could the Coronavirus outbreak create?  We have collated information from a variety of reliable sources and provide it here to ensure UK Employers are aware of their legal obligations and to assist them to deal with the various implications imposed by the rapid spread of the COVID-19 (Coronavirus) outbreak.

If you are an employer affected by any of the issues being created by the outbreak of Coronavirus and require further assistance and support, call us now on 0800 612 4772 or Contact us via our website. 

This article focuses on Data Protection Issues.

Data protection issues

Do employees have the right to be notified if colleague/customer develops the virus?

The Data Protection Act 2018 defines information about an employee’s health as a “special category of personal data”. This means that it can only be processed by the employer in defined and restricted circumstances.

Employees must be notified of the infection risk as soon as possible. However, the identity of the individual should not be disclosed. An employer should simply advise that an employee who has been in the workplace has been infected and that appropriate precautions should be taken. 

The ICO has confirmed that it will take a pragmatic approach to enforcement in light of the pandemic. It has issued ICO: Data protection and coronavirus: what you need to know which confirms that employers can disclose to colleagues that an employee has contracted COVID-19 provided that they do not provide more information than is necessary and, in most cases, it will not be necessary to name the individual.

Government Guidance

The COVID-19 pandemic is continually changing and the government advice for employers is being updated as the situation develops. Employers should keep track of the guidance for employers from the following sources:

  • Health Protection Scotland: COVID-19: Information and Guidance for Non-Healthcare Settings (applicable in Scotland).
  • Welsh Government: Coronavirus (COVID-19): employers and businesses guidance (applicable in Wales).

For information on the circumstances in which individuals should self-isolate see the following sources:

  • Public Health England: COVID-19: stay at home guidance (applicable in England)
  • Public Health Wales: Novel Coronavirus (COVID-19) – Self-isolation advice (applicable in Wales)

Data Protection Bill set to launch in September

On the 7th of August, the Government outlined its objective for the new Data Protection Bill, it is due to be published next month and will merge the EU’s General Data Protection Regulation (GDPR) into legislation in the UK.

This legislation will now grant individuals the right to be forgotten and ask for any personal data held by others to be erased.

Organisations will have support through this process to make sure they are complying and managing data in line with regulations.

Should an organisation fail to meet requirements, the Information Commissioner will now have additional powers to defend consumer rights, meaning they can now issue fines of up to 17m or 4% of global turnover (whatever figure is higher) in the event that Data Protection Regulations are breached.

Minister of the Department for Digital, Culture, Media and Sport, Matt Hancock stated:

“Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.

“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”

“The Data Protection Bill will allow the UK to continue to set the gold standard on data protection. We already have the largest internet economy in the G20. This Bill will help maintain that position by giving consumers confidence that Britain’s data rules are fit for the digital age in which we live.”

The Department for Digital, Culture, Media and Sport said further that the Bill would:

– Make it simpler to withdraw consent for the use of personal data;

– Allow people to ask for their personal data held by companies to be erased;

– Enable parents and guardians to give consent for their child’s data to be used;

– Require ‘explicit’ consent to be necessary for processing sensitive personal data;

– Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA;

– Strengthen the law to reflect the changing nature and scope of the digital economy;

– Make it easier and free for individuals to require an organisation to disclose the personal data it holds on them;

– Make it easier for customers to move data between service providers.

The Government have said it will be a criminal offence if an individual “intentionally or recklessly re-identifies an individual from anonymised or pseudonymised data.”

In addition, those in association with this who handle or process the data knowingly, will also be committing a criminal offence.

A further offence will be conceived should an individual alter records with the intent of stopping them being identified when someone exercises their right to the data.

How can employers prepare for the reforms?

– Start to consider how to efficiently recruit and train a Data Protection Officer;

– Have in place a clear data policy that defines procedures, in particular data breaches;

– Review employment contracts that regard consent;

– Have in place clear privacy notices that are straightforward so that it is easily translated to your employees;

– Ensure there is a legitimate basis for the retention of data stored and for the transfer of any data. E.G. in relation to HR.

How can we help?

At Employment Law Services (ELS), we will work together with our clients to ensure they are fully protected and prepared for the new regulation to take effect in May 2018. If you have any specific queries about the impact this may have on your business or wish to contact us for a free consultation call us today on – 0800 612 4772.