They say third time’s a charm. Well, the UK’s GDPR Reform Bill, the DPDI, is back.
It’s the third iteration, but it’s in 2023 so we’re calling it DPDI23.
We’ve updated our crosswalk of UK GDPR, now against DPDI23, focussing on:
Here’s a challenge, spot the difference in the RoPA requirements:
There is a difference in the exemption from having to maintain RoPAs. We predict lots of argument over this, but much will depend on the phrase ‘high risk’. If that’s inherent risk, everyone will need RoPAs. If that’s residual risk, hardly anyone should need RoPAs. But that’s not what we think the intent was meant to be – though there’s precious detail to go on. Get ready for the arguments…
We’ve covered our thoughts on SRIs and their impact on UK Privacy in a separate blog. We see the SRI turbocharging expenditure by UK businesses on compliance, so existing DPOs needn’t worry about work drying up.
As to the tasks for an SRI compared to a DPO… they’re far more extensive and include an obligation to ensure measures are in place and maintained to ensure compliance:
You can download our full side-by-side on RoPAs, SRIs and DPOs, DPIAs and Assessments, and DSRs here: UK GDPR Brexit Reforms DPDI 2023.
If you’re likely to be made an SRI – and if you’re in charge of Privacy now – you’re going to want to be able to prove you’re fulfilling your tasks and that you’re ensuring compliance at your organisation. Keepabl’s award-winning Privacy Management Software is your Privacy framework out-of-the-box, with data mapping, rights management, risk, breach and more.
And our B2B SaaS Security will make your IT Manager very happy when you delegate to them 🙂
Article 30 Records vs RoPA vs Asset Register vs Data Map Does it matter what you call it? Oh heck, yes. I mean, was Boba Fett in Star Trek? Article…