Listen
to
this
post
On
March
8,
2023,
the
UK
Secretary
of
State
for
Science,
Innovation
and
Technology,
Michelle
Donelan,
introduced
the
Data
Protection
and
Digital
Information
(No.
2)
Bill
to
UK
Parliament.
The
first
version
of
the
reform
bill
was
originally
proposed
by
the
UK
government
in
July
2022,
but
was
put
on
pause
during
September
2022.
According
to
UK
government
in
its
press
release,
the
Bill
will
“introduce
a
simple,
clear
and
business-friendly
framework
that
will
not
be
difficult
or
costly
to
implement
–
taking
the
best
elements
of
GDPR
and
providing
businesses
with
more
flexibility
about
how
they
comply
with
the
new
data
laws”.
It
further
notes
that
the
Bill
will
“ensure…[the]
new
regime
maintains
data
adequacy
with
the
EU”,
a
point
which
has
been
questioned
since
it
was
originally
announced
that
the
UK
would
reform
its
data
protection
laws.
Initial
key
takeaways
from
the
Bill
are:
-
A
list
of
activities
which
could
be
considered
a
legitimate
interest
of
a
controller
has
been
introduced.
The
list
is
non-exhaustive
and
includes
direct
marketing,
intra-group
transmission
of
personal
data
and
ensuring
the
security
of
network
and
information
systems. -
Records
of
processing
are
only
required
for
organizations
that
carry
out
processing
activities
likely
to
result
in
“high
risk
to
the
rights
and
freedoms
of
data
subjects.” -
Fines
for
nuisance
calls
and
texts
are
increased
to
up
to
either
4%
of
global
turnover
or
17.5
million
GBP,
whichever
is
greater. -
A
framework
for
the
use
of
digital
verification
services
has
been
included. -
Transfer
mechanisms
lawfully
entered
into
before
the
Bill
take
effect
will
continue
to
be
valid
under
the
new
regime.