The UK data protection changes
UK data protection changes, as you will already be aware, the UK Government has published more detailed plans on the changes it will make to current data protection legislation and the ICO’s role. This is my analysis of the practical implications of these changes specifically for UK-based coaches, trainers, and consultants who do most if not all tasks to run their business.
Will the UK data protection changes radically alter what you should be aware of and doing?
No, they won’t. The UK GDPR will remain in effect! When you have a heart or client-centred business, you already put front and centre taking care of all aspects of it that will affect the individuals you serve and work with.
What about if you’ve already applied the GDPR within your business?
Then you don’t need to change anything, according to a recent speech, by Julia Lopez, Minister of State for Media, Data, and Digital Infrastructure. The fundamentals aren’t changing, which means you still need to pay attention to getting GDPR built in and then running effectively within your business.
What are the changes that are most likely to affect coaches, trainers, and consultants?
So what do the UK data protection changes include? When the initial consultation began there was a lot of rhetoric flying around that I, like many others, was extremely concerned about. The reason there was so much concern was a combination of it being very unclear what specifics would be put in place and how high the risk was that the UK would lose its Adequacy ruling.
There were a lot of comments about improving competitiveness and the economic value of data – not something anyone with hopes of keeping high privacy and control levels on the side of the data owners! That backed by the NHS data-sharing debacle did not fill me with confidence that our data would be safe and unexploited.
The economic costs of losing Adequacy would be enormous and have been flagged up by various business organisations in the UK. However, it would seem that several of the more controversial suggestions have not made it to the final cut. This doesn’t mean things a free and clear as the final finer details of the Bill are not yet known.
Uk data protection changes most relevant for coaches, trainers, and consultants
When will all of this happen?
Truthfully, I have no idea, especially following recent events but it was one of the bills referred to on the Queen’s speech. This more than likely means within the next 12 months, if not by the end of this year.
The more things change, the more they stay the same…
As I mentioned before, the rhetoric and slogans don’t appear to translate into new and improved regulations. For example:
- The requirement for a DPO has become a requirement for a senior person with the responsibility for an organisation’s data privacy management programme
- Data Protection Impact Assessments won’t be needed but an alternative risk assessment process will still be required
- Record of Processing Activities will no longer be needed but an alternative recording method will be
- Cookies – the planned changes won’t happen until it’s technologically possible. Based on the fact that the replacement of cookies with an alternative is already in play – who knows what this will mean.
There are several key “potato/potahto” changes as far as I can see and additional clarity does seem to be missing.
Major changes or not?
Overall, not but there have already been some big changes when it comes to international data transfers that revolve around a different mechanism in the UK to that used in the EU, not a change in the law. The UK now has its own set of instructions to use, although the main clauses are based on the existing EU Standard Contractual Clauses, their format is different and, so far, the ICO hasn’t delivered the promised guidance notes on how to use them correctly.
Any UK data protection changes mean we will have a certain number of requirements that may well mean “doubling-up” for some businesses to meet the requirements for EU data and UK data. However, based on the comments of the Minister (of State for Media, Data, and Digital Infrastructure), following the EU GDPR would negate this need. Again, the details will be in the Bill and time will tell.
The potential for further divergence based on case law also presents potential issues. If you have UK-based clients only then this won’t be of great concern unless you decide to expand into the EU/international markets.
We’ll have to wait and see – I expect the EU is doing the same thing too.
Business as usual – follow the UK GDPR as is, continue to build in your GDPR-related systems, keep your policies and records up to date and any team members informed of your requirements for your business. Same old same old while we wait for some actionable guidelines.
As always, if you need help…
Ask questions here: You can free general help in my Jargon-free GDPR Facebook group.
Improve your awareness: I run a free monthly workshop for members of my JFG Facebook community group covering important current data protection-related matters.
Stay aware: My Small Business Update is a short and sweet monthly round-up email of news and other items that are relevant to you.
Essential: My Basics of the UK GDPR is your solution. Understand or refresh your essential knowledge of the fundamentals of the legislation that applies to you, your team, and your business. Comes with a certificate, 12 months of access, and updates. Join the waiting list for more details to get Earlybird access and a 20% discount code until released in August.
Coming soon! Step-by-Step UK GDPR online membership, training, and implementation course for UK-based coaches, trainers, and consultants. Designed to work online with you at the speed you choose. It provides all you need to bring your business up to scratch in an easily customisable way. The way that fits you and your business. It includes video tutorials, written lessons and resources, templates, guides, quizzes, and live implementation support sessions. Additional in-depth training is also included to make sure you know and can deal with anything new or different as far as data protection requirements are concerned.
Watch my social media channels and Small Business Update emails for when the Waiting list opens for Step-by-Step UK GDPR – there will be a great Earlybird discount on it for everyone who signs up!
My 1-2-1 services
If you need some 1-2-1 help, click here for details. You can choose the option that suits you best.