UK to Tweak GDPR as Fines Increase

As GDPR fines start to mount up, the UK is planning to tweak the legislation. What could these changes mean for businesses in the UK?

Once again, UK regulators are taking advantage of Brexit to modify a key piece of EU legislation. This time the focus is on GDPR. A consultation launched by the government aims to iron out uncertainties and promote growth, while still maintaining protection of individual data rights. It’s a difficult balancing act, so will the changes achieve it, and what will they mean for businesses working within the UK and the EU?

New rules

The new proposals aim to keep what Government says is good about GDPR while changing where it could potentially be improved. For the most part, this revolves around clarifying positions and reducing the burden on small and medium sized businesses.

The key highlights are:

·        Nuisance calls: The main headline is a crack-down on nuisance calls. Executives would now become personally responsible for any problematic calls which breach guidelines emanating from their organisation.

·        Algorithmic bias: A consultation has been launched against algorithmic bias such as the kind that recently engulfed Facebook. The platform faced heavy criticism when it was revealed that job advertisements for mechanics had been almost exclusively shown to men while women received ads for jobs such as nursery nurses.

·        Smaller businesses: There will also be sliding scales of compliance for smaller businesses to prevent the risk of firms being hit with catastrophic fines which could seriously impact their prospects of survival.

The move comes after a number of high-profile penalties, most recently, a €225 million fine against Facebook-owned WhatsApp. The fine comes after a three-year investigation by the Data Protection Commission, which looked at whether the platform was fulfilling its transparency obligations under GDPR. The investigation concluded that WhatsApp was guilty of a number of ‘severe’ infringements of the EU’s data protection act. The company has been fined and ordered to change its practices within three months.

The WhatsApp penalty follows hot on the heels of the £636 million fine doled out to Amazon in August. The penalty, which is the largest GDPR fine to date, is a watershed moment for the regulation. Ever since its implementation, people have been looking for that landmark fine which would prove the rules have teeth.

Until that point, cases had been building up and there were growing concerns that data protection regulators were unsure of using the full extent of their powers. These fines show that the regulations are serious, even if the guidelines are not being applied consistently.

We have therefore reached a critical point in GDPR

Finally, we’re seeing major fines of the kind we’d expected, but the rules are still not being applied evenly. The UK’s consultation will raise questions about how much will change, and how firms should balance whatever regime the UK implements, as well as other territories.

Ultimately, this is another attempt to use Brexit to give the UK a competitive advantage by loosening restrictions to a certain extent. Even so, this will be a challenge. To avoid disruption, Government will need to be confident that data regulations will still be considered adequate by the EU and other regulators.

Businesses have plenty to consider. They will look at recent fines plus the proposed new changes. They will have to assess how well they comply with new provisions such as the rules against nuisance calls and ensure that they are robust enough to satisfy rules in all territories in which they operate.

Previous
Previous

Waymark Tech is the only RegTech selected to Join Tech Nation’s Applied AI 3.0 cohort

Next
Next

Three Compliance Considerations for Hybrid and Remote Working