Digital Privacy Bill

avatar
Created by
Patrick Forrest

Cards (5)

  • Your personal and company data are protected
  • Data Protection and Digital Information Bill (DPDI)

    A proposed UK law that seeks to reform the UK's data protection framework, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act (DPA 2018)
  • Differences between the DPDI and the UK GDPR
    • Personal data: The DPDI seeks to change the definition of personal data with the concept of an "identifiable living individual", which is a more subjective definition
    • Scientific research: The DPDI introduces a new definition of scientific research, which would include a much wider range of commercial activities
    • Legitimate interest: The DPDI introduces the concept of "recognised" legitimate interests and an exemption from the requirement to conduct a balancing test
    • Records of Processing Activity (RoPA): Under the DPDI, controllers & processors would only need to keep a RoPA when rights and freedoms of individuals were at high risk
    • Data Protection Impact Assessments (DPIAs): The DPDI would not make DPIAs mandatory and only high-risk processing would require an assessment
    • Data Subject Access Requests (DSARs): The DPDI is expected to provide more clarity on when requests to access personal data can be refused as "manifestly unfounded or excessive"
  • The DPDI is still a bill and is subject to change before it becomes law
  • For more detailed information, you may want to refer to the full text of the DPDI or consult a legal expert