UK GDPR Brexit Reforms & Accountability

A side-by-side look at the changes to RoPAs, DPIAs, DPOs and DSRs in the UK Data Protection and Digital Information Bill

The UK government claims that the reforms in the draft UK Data Protection and Digital Information Bill, published by the government on 18 July 2022, will reduce ‘the burdens on businesses that impede the responsible use of personal data. By giving businesses the opportunity to protect personal data in the most proportionate and appropriate way, we will make them more efficient, meaning higher productivity rates, and more jobs.’

 

Apples and Oranges

There are lots of blogs about the Bill, but few side-by-side analyses showing you how the proposals stack up against current practices.

You know the phrase ‘you’re comparing apples and oranges’? It’s when you’re trying to compare two very different things.

We’ve put the current obligations in UK GDPR side-by-side with the proposed obligations in the UK DPDI Bill. That way we can all compare apples with apples and see what practical changes might happen.

Because we at Keepabl focus on the practicalities of Privacy, we’ve concentrated on the key changes to your daily Privacy role and your Accountability: RoPAs, DPOs, DPIAs and DSARs.

 

Apples and Apples

We’ve gone through the UK GDPR and the Bill to put your current obligations alongside your proposed obligations, free of all the rhetoric, so you can see for yourself what the impact is on your daily job and your Privacy Governance.


RoPAs

Here are the controller obligations for records of processing activities under the UK GDPR and the UK Bill:

[Image: UK controller RoPA]

When it’s set out like this, GDPR on the left and the Bill on the right, all becomes clearer.

Look at this crosswalk in the context of your other obligations. You need to be able to satisfy the transparency obligations anyway, telling data subjects all the information in Arts 13 and 14. And you need to be able to react appropriately to data subject rights, respond to breaches, make sure your use of processors is compliant, and ensure that any transfers are identified and the appropriate transfer tool is in place.

In that context, what’s your view? Are there practical differences and, if so, how big are they? Is one lighter or easier than the other and, if so, by how much?

 

Get all the crosswalks

You can get these crosswalks for all of RoPAs, DPIAs and Assessments, DPOs and SRIs, and DSRs for controllers and processors in our super clear UK GDPR: Brexit Reforms Guide on Accountability.

 

Keepabl can make your [compliance] life easier!

Here at Keepabl we make operationalising Privacy simple and intuitive, from data mapping to breaches, with instant insights – saving you a lot of time, sweat and tears (and cost).

If you’re ready to get your Privacy governance into gear for your business, why not request a demo or free trial of our Privacy Management Software?

 

