During London Tech Week (Friday 17th June), the UK government announced its plans to reform the nation’s data protection standards via its new Data Reform Bill. The bill promises to increase financial penalties for spam callers, reduce the number of cookie pop-ups that impact users’ experience, and strengthen the UK’s data protection standards.
Michael Paye, VP of research and development at Netwrix, comments below on what UK companies should expect and prepare for ahead of the bill being enacted:
“This new government bill outlines several changes surrounding data and user tracking that differ from existing practices. This means inevitable changes in privacy and security standards that are currently in place in UK organisations. Making these changes will require technical investment and careful review.
“To ensure a smooth transition, there are several steps to be taken proactively before the bill becomes effective. First, it is crucial to review the roles associated with compliance in the organisation and ensure that each role’s responsibilities are clearly defined. Then an organisation should identify which business processes are affected by new regulations and prioritise these processes’ adjustment. The next step is documenting and assessing the company’s existing compliance practices: Do they meet or exceed the upcoming requirements? With this data collected, it is much easier to plan the implementation of renewed standards.
“For larger organisations there will be no one-size-fits-all compliance architecture. Depending on the markets a company sells to, they may have to approach different customers in distinctive ways to ensure compliance as well as provide competitive ease of use for each market segment – for example, opting for a stricter approach to cookie handling to ensure EU compliance will likely frustrate UK-based customers if they become used to a simpler approach.
“UK businesses should also be well prepared to answer customer queries and armed with a documented response to the coming legislation as soon as possible. An official statement should be accessible to the whole organisation should any employee receive a request.
“One of the main difficulties that will have to be navigated is where the Data Reform Bill does not naturally align with previous EU GDPR legislation. UK organisations must anticipate and guard areas of possible vulnerability while the transition takes place.”