They say third time’s a charm. Well, the UK’s GDPR Reform Bill, the DPDI, is back.
On 7 November King Charles gave the King’s Speech, setting out the government’s agenda and the explanatory note lists the DPDI Bill on pages 28 to 30.
It’s the third iteration, but it’s in 2023 so we’re calling it DPDI23.
We’ve updated our crosswalk of UK GDPR, now against DPDI23, focussing on:
Here’s a challenge, spot the difference in the RoPA requirements:
There is a difference in the exemption from having to maintain RoPAs. We predict lots of argument over this, but much will depend on the phrase ‘high risk’. If that’s inherent risk, everyone will need RoPAs. If that’s residual risk, hardly anyone should need RoPAs. But that’s not what we think the intent was meant to be – though there’s precious detail to go on. Get ready for the arguments…
We’ve covered our thoughts on SRIs and their impact on UK Privacy in a separate blog. We see the SRI turbocharging expenditure by UK businesses on compliance, so existing DPOs needn’t worry about work drying up.
As to the tasks for an SRI compared to a DPO… they’re far more extensive and include an obligation to ensure measures are in place and maintained to ensure compliance:
You can download our full side-by-side on RoPAs, SRIs and DPOs, DPIAs and Assessments, and DSRs here: UK GDPR Brexit Reforms DPDI 2023.
If you’re likely to be made an SRI – and if you’re in charge of Privacy now – you’re going to want to be able to prove you’re fulfilling your tasks and that you’re ensuring compliance at your organisation. Keepabl’s award-winning Privacy Management Software is your Privacy framework out-of-the-box, with data mapping, rights management, risk, breach and more.
And our B2B SaaS Security will make your IT Manager very happy when you delegate to them
We love the RISK series of expos dealing with Privacy, Security and AI risk. RISK London in October last year was a blast and we’re back again this October, so…
Managing Privacy can be tough, and for those who’ve been given GDPR as part of their daily work – someone in IT, Ops or Compliance 90% of the time as…