Act Now - The Data Protection and Digital Information Bill: Preparing for GDPR and PECR Reforms

The Data Protection and Digital Information (No.2) Bill (DPDIB) could substantially reform the UK's data protection and privacy framework and affect the day-to-day work of many data protection professionals. Key proposed changes include an overhaul of the role of the Data Protection Officer (DPO), a new approach to ePrivacy rules, and new processes for risk assessment, record-keeping, and data subject rights.

This workshop will help you understand and prepare for the coming changes to the UK General Data Protection Regulation (GDPR), Data Protection Act 2018 (DPA 2018), and Privacy and Electronic Communications Regulations 2003 (PECR). You will explore important areas of the DPDIB and discuss how the reforms relate to your organisation.

Key Topics

• Whether the new Senior Responsible Individual (SRI) role could change or replace the work of DPOs.
• How the new rules for Data Protection Impact Assessments (DPIAs), Records of Processing Activities (RoPAs), and Data Subject Access Requests (DSARs) could affect your organisation's data protection programme.
• Whether changes to the legal bases of "consent", "public task", and "legitimate interest" could impact the lawfulness of certain processing activities.
• How revised definitions of "personal data" and "pseudonymisation" could affect your organisation's compliance responsibilities.
• How to work with the proposed changes to the UK's ePrivacy regime, including to the rules on cookies, direct marketing, and enforcement.
• Whether the new risk-based model for conducting international data transfers will make it easier to work with organisations outside the UK.
• Whether the reforms will impact the UK's "adequacy decision" from the European Commission—and whether UK organisations should start preparing for this possibility.