Our Founder Robert Baugh discusses the proposed Brexit Reforms with Mazars

Robert discusses the DPDI Bill - intended to reform the UK data protection laws - with Andrew Rawlins-Catterall, the host of Mazars' Tech for Leaders podcast
Robert Baugh Mazars Brexit Podcast

Our Founder & CEO, Robert Baugh, was delighted to discuss potential Brexit Reforms – as set out in the DPDI Bill – with Andrew Rawlins-Catterall, the host of Mazars’ Tech for Leaders podcast.

The episode was recorded on 16 September 2022 and covers key areas of Accountability as well as possible impacts on the UK’s adequacy decision under EU GDPR. We’ve set out some of the main areas discussed below.

See the full episode here.



We discuss the differences between the Data Protection Officer regime under UK GDPR and the Senior Responsible Individual under the DPDI Bill. We look at whether it’s better or worse, easier or harder, when you need an SRI (and is the test the same as for the DPO) and what if you’ve already got a DPO?

There’s a key addition on SRIs’ duties compared to DPOs. We also discuss the possible liability of DPOs and SRIs, plus the continued difficulties presented by the no-conflict rule for SRIs.


DSRs & ‘vexatious’

We look at the practical effects – so far as we know at the date of recording – of the change of wording in relation to DSRs, by bringing in ‘vexatious’.

We also look at the history of ‘vexatious’ in FOIA cases and whether that’s applicable in data protection.


Article 30 & Records of Processing

One of the big pains of GDPR, according to the UK government, is creating your records of processing. We discuss the practical changes, and whether it’s any easier under the DPDI Bill.


DPIAs vs Risk Assessments

Privacy compliance is a big factor in trust. We discuss how risk assessments are still there, potentially more so, under the DPDI Bill.


Cookies, PECR & e-Privacy

There are some good changes to cookies and PECR. We run through this area, and include a discussion on the IAB Europe case.


UK’s Adequacy Decision

There’s a sunset clause in the UK’s adequacy decision under GDPR, and the ability to review before then too. We discuss whether the DPDI Bill threatens the UK’s adequacy, either in the way transfers are treated or in the independence of the UK ICO with its new governance structure.


Side-by-Side Comparison

Don’t forget to get your own copy of Keepabl’s Side-by-side Guide on the Brexit Reforms under the DPDI Bill. It’s all so much clearer than wading through the Bill, we’ve done the work for you!


Related Articles

News & Awards
Folding Space joins the Privacy Stack®!

Folding Space and Keepabl’s partnership adds leading GDPR Discovery solution to the Privacy Stack® Partnership helps customers comply with GDPR by knowing where their personal data is, and providing an…

Read More
News & Awards
Is Sustainability the new goal for startups instead of Growth?

Watch the panel discussion from 14 April 2021 Growth and/or Sustainability? Rocket ship growth has long been the goal for startups - often at the expense of profitability, regulatory concerns and…

Read More