DPDI #3 is here

A side-by-side look at the changes to RoPAs, DPIAs, DPOs and DSRs in the THIRD iteration of the UK Data Protection and Digital Information Bill
gdpr reforms dogs

They say third time’s a charm. Well, the UK’s GDPR Reform Bill, the DPDI, is back.

On 7 November King Charles gave the King’s Speech, setting out the government’s agenda and the explanatory note lists the DPDI Bill on pages 28 to 30.

It’s the third iteration, but it’s in 2023 so we’re calling it DPDI23.


Updated Side-by-Side Analysis

We’ve updated our crosswalk of UK GDPR, now against DPDI23, focussing on:

  • RoPAs
  • DPOs and SRIs
  • DPIAs and Assessments
  • DSRs



Here’s a challenge, spot the difference in the RoPA requirements:



There is a difference in the exemption from having to maintain RoPAs. We predict lots of argument over this, but much will depend on the phrase ‘high risk’. If that’s inherent risk, everyone will need RoPAs. If that’s residual risk, hardly anyone should need RoPAs. But that’s not what we think the intent was meant to be – though there’s precious detail to go on. Get ready for the arguments…

RoPA Exemption


DPOs and SRIs

We’ve covered our thoughts on SRIs and their impact on UK Privacy in a separate blog. We see the SRI turbocharging expenditure by UK businesses on compliance, so existing DPOs needn’t worry about work drying up.

As to the tasks for an SRI compared to a DPO… they’re far more extensive and include an obligation to ensure measures are in place and maintained to ensure compliance:

DPO SRI tasks


Get the full side-by-side

You can download our full side-by-side on RoPAs, SRIs and DPOs, DPIAs and Assessments, and DSRs here: UK GDPR Brexit Reforms DPDI 2023


How Keepabl helps SRIs (and DPOs!)

If you’re likely to be made an SRI – and if you’re in charge of Privacy now – you’re going to want to be able to prove you’re fulfilling your tasks and that you’re ensuring compliance at your organisation. Keepabl’s award-winning Privacy Management Software is your Privacy framework out-of-the-box, with data mappingrights managementriskbreach and more.

And our B2B SaaS Security will make your IT Manager very happy when you delegate to them 🙂

Book your demo now!



Related Articles

CLOUDs form over key data flows

The enormous – and enormously valuable – flow of personal data from the European Economic Area to the world’s largest economy, the USA, is again at existential risk.  This alone…

Read More
GDPR Benchmark Report

According to new findings from a Cordium and AmberGate survey, more than half of investment firms are unlikely to be ready for the European Union’s new General Data Protection Regulation…

Read More