The new bill provides an update to data protection legislation and is expected to bring a £10 billion spend by the UK Government to improve how data is used across the country.
The Data (Use and Access) Act received Royal Assent yesterday and amends (but does not replace) the UK GDPR and Data Protection Act 2018. The updates to the legislation are intended to make it easier for UK businesses to innovate their products, processes and services whilst maintaining data protection and legislation compliance, as well as allowing better access to data for members of the public.
One of the key updates includes improving access to healthcare information and allowing increased data sharing between departments, speeding up processes within the NHS with the intention of reducing wait times for patients and expecting to save 140,000 hours a year in admin time.
Another element aims to reduce traffic delays by improving construction workers’ access to a map of underground pipes instantly, rather than through the six days this process currently takes. This will allow any necessary work to begin sooner, aiming to improve road users’ journeys.
From a data user perspective, legislation will include digital verification services and will bring in trusted tools to prove identity in a quicker, simpler manner, making processes of identity verification easier for businesses too.
Data access will be improved for those looking for more appropriate utility providers, by allowing consumers to share their energy use and therefore creating more accurate price comparisons, allowing customers to search for better deals. This is also intended to boost competition in the industry and encourage innovation.
Other changes to the legislation includes reducing restrictions on automated decision making, improving charity abilities to send email newsletters without consent (in certain circumstances) and clarifying how personal data can be used for research.
From an organisational perspective, businesses will now be required to have a formal data protection complaints procedure as well as considering the lawful bases for data use, as is currently a key part of data protection legislation. Many other updates will be made as the Act is implemented, for both businesses and individuals.
The Act also provides the Information Commissioner’s Office (ICO) with new powers, such as requiring witnesses to attend interviews, request reports from a technical perspective and deliver fines under the Privacy and Electronic Regulations (PECR). As with other data protection legislation, this can be a high cost, up to £17.5m or 4% of global turnover.
The ICO has released a variety of information regarding the new Act, for both organisations and members of the public, including:
- A detailed summary of the changes for data protection experts.
Our team have begun working in the changes into our training sessions and are already advising our clients on how the new bill will impact their business. If this is something we can help you with, please do get in touch.
