Close Menu
  • News
  • Home
  • In Profile
  • Finance
  • Legal
  • Technology
  • Events
  • Features
  • Wellbeing & Mental Health
  • Marketing
  • HR & Recruitment
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
X (Twitter) LinkedIn YouTube
Trending
  • Handheld Laser Scanners Drive New Growth For Sep Geospatial In Unlikely Sectors
  • Loughborough’s Here Self Storage Hits 65% Occupancy As Local Demand Grows
  • Tool theft legislation and steps to protect your tools
  • Why Digital Excellence is key to transforming Business Culture
  • Busting myths about Asset Based Lending 
  • Self-driving cars could hit UK roads sooner than you expect, says Heligan Group
  • New Venture Aims To Help Propel Growth For Start-Ups
  • Building community, one cause at a time
X (Twitter) LinkedIn YouTube
SME Today
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
  • News
  • Home
  • In Profile
  • Finance
  • Legal
  • Technology
  • Events
  • Features
  • Wellbeing
  • Marketing
  • HR & Recruitment
SME Today
  • About
  • Advertise
  • Events Calendar
  • Business Wall
  • Subscribe
  • Contact
  • 0843 289 4634
  • Twitter
  • LinkedIn
  • YouTube
  • RSS
You are at:Home»Legal»Demystifying Data Protection: how do businesses prepare for new GDPR legislation?
GDPR, General data protection regulation compliance.

Demystifying Data Protection: how do businesses prepare for new GDPR legislation?

1
Posted By sme-admin on June 5, 2023 Features, Legal

Originally introduced to Parliament in July 2022, the DPDI (Data Protection and Digital Information Bill 2022-23) has been refreshed, reintroduced and is poised to move to the House of Lords for consideration.

“Ministers have co-designed the Bill with key industry and privacy partners on amendments which will give organisations greater flexibility over how they can comply with the regime while maintaining high data protection standards”
Dept for Science, Innovation and Technology Press Release

Flexibility is welcome, but confidence is key

TLD Client Legal Director, Amanda Mallender, is acutely aware of the challenges these legislative changes could bring to SMEs who have been grappling with the complexities of GDPR compliance for years. But she has some good news for smaller businesses,

“With a few notable exceptions (for example, tightening the rules on cold marketing), the aim of these legislative changes is to lighten the administrative burden on businesses. In doing this the Government has to walk a tightrope because it can’t risk moving too far from the high data protection standards our European counterparts expect. If you are already compliant with data protection laws, this Bill shouldn’t be much of a concern, but your business may be able to take advantage of the greater flexibility being offered in some key areas.”

Amanda Mallender The Legal DirectorWhile we wait for the DPDI to be passed, here is Amanda’s overview of the key changes and some points for SMEs to consider.

Clarity on the use of legitimate interest as a justification for data processing

The DPDI Bill recognises a number of circumstances where legitimate interest can now be relied upon. These include national security, public security and defence; responding to civil emergencies, crime, safeguarding vulnerable individuals and democratic engagement. This is great news for charities and non-profits working with vulnerable people.

What to do now:

Consider whether you can simplify your data collection process by removing the need for consent and instead rely on legitimate interests.

Power to push back on malicious Subject Access Requests (SARs)

SARs can be extremely onerous and time consuming to deal with. Currently, a SAR can only be rejected if it is ‘manifestly unfounded,’ but this threshold is being reduced to ‘vexatious’. Further, the time limit to respond to requests is being relaxed so it will be easier to ‘stop the clock’ temporarily while awaiting further detail from the data subject.

What to do now:

Review the types of requests you are likely to receive and who is best placed to respond to them. Update your policies and processes and make sure everyone is aware of the new limits on data subjects’ rights.

Automated decision making and the rise of AI

Automated decision making (ADM) is the process of making a decision by automated means without any human involvement (source: ICO). Often used for decision making processes in financial services, insurance, and education (for example, course applications), they help organisations process large volumes of data quickly and consistently.

The DPDI provides that the restrictions on ADM will now only apply if the type of data being processed is special category personal data, for example, health related data. However, data controllers will have to ensure data subjects are clearly informed of their rights in relation to ADM and that expanded safeguards are put in place.

What to do now:

If your business uses automated processes to make decisions about data subjects, now is the time to revisit your processes and consider if they need to be adjusted to reflect the DPDI.

Data Protection Officers get a new name and a switch in focus

The role of the DPO (Data Protection Officer) has been revised and renamed as the ‘Senior Responsible Individual (SRI). The SRI will have different responsibilities depending on whether they are appointed by a data controller or data processor. If you are a public body or organisation which carries out high risk processing, your SRI must be appointed from senior management.

What to do now:

Consider if your DPO can still act as your SRI. Get ahead of the change by identifying who is best placed to take on the task and ensure training is provided.

Record keeping responsibility reduced for small companies

For small companies with fewer than 250 employees (who do not conduct high risk processing) there is good news: companies will no longer need to maintain records of processing activities.

 UK government gets granular on location for international data transfers

Going forward, the Secretary of State will have the option to adopt a risk-based approach to evaluating the adequacy of data protection standards in other countries and may make an adequacy finding in respect of specific sectors or states or provinces within a country.

What to do now:

This a definitely an area to watch as, if implemented, it could remove the need for data transfer risk assessments to be undertaken before data can be transferred.

Cookie consent gets an overhaul – good news for marketers

This is a key part of the government’s aim of reducing red tape. It relaxes the rules around when first party cookies can be dropped without consent. This will be particularly welcome to businesses which have struggled to comply with the current rules when collecting marketing data to help them operate their business.

What to do now:

Consider your first party cookies and whether some of them can now be dropped without the need for consent.

Nuisance marketers be warned

The DPDI empowers the ICO to investigate and take action against organisations who undertake unsolicited direct marketing in breach of the Privacy and Electronic Communications Regulations (PECR) – irrespective of whether the call, email or text is actually received. This measure is aimed at unscrupulous marketeers who send out large volumes of unsolicited calls, text messages and phishing emails.

What to do now:

This will certainly be an area of increased focus and enforcement so, if you undertake direct marketing, now is the time to make sure you are acting in compliance with PECR.

Soft opt-in rule change creates opportunity for charities and non-profits

A proposed extension of the soft opt-in exemption to non-commercial organisations (charities and non-profits) could enable these organisations to carry out direct marketing on an opt-out basis (without consent) if contact details were obtained in the course of an individual expressing interest in, or offering support in, the charities’ objectives. Commercial organisations already benefit from this exemption – but in all cases individuals must be easily able to opt out.

What to do now:

If you are a charity or non-profit organisation, you should consider if you will be able to take advantage of this relaxation in the soft opt in rules.

Governance is the key to compliance

Whilst the list of changes may seem daunting, the new data protection framework gives businesses the ability to relax some of their processes and the flexibility to consider how best to comply in other areas. There are opportunities for those businesses which act proactively and make the most of this increased flexibility.

Author: Amanda Mallender, Client Legal Director at The Legal Director

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Tool theft legislation and steps to protect your tools

5 Reasons Why Every Office Should Include Flexible Spaces to Work and Their Key Benefits

Brits lose £11.4 billion to scams: these are 5 of the most dangerous

1 Comment

  1. Pingback: How should you prepare for the new GDPR legislation? | Dealer Support

Follow SME Today on Linkedin and share all the topics you find interesting
Verify your identity for Companies House

The Newsletter

Join our mailing list for the best SME stories, handpicked and delivered direct to your inbox every two weeks!

Sign Up
Events Calendar
    • Marketing
    July 7, 2025

    Bold Business Marketing Specialist Speaks In Swindon This Week

    July 4, 2025

    How Generative AI is Giving SMEs a Marketing Edge

    • Finance
    July 14, 2025

    Busting myths about Asset Based Lending 

    July 10, 2025

    How to build a £1 million pension and ISA portfolio

    • Health & Safety
    July 1, 2025

    Temperatures Soaring: Is Your Workplace Becoming Unsafe?

    January 29, 2025

    UK takeaways guilty of shocking hygiene failures:

    • Events
    July 4, 2025

    £20k grant for female-founded SME up for grabs

    July 2, 2025

    As Seen on BBC Panorama – Brad Burton to Headline The South West Expo in Swindon

    • Community
    July 11, 2025

    Building community, one cause at a time

    June 23, 2025

    Celebrating One Year In Fairford Supporting The Community

    • Food & Drink
    June 23, 2025

    England Cricket Captain, Ben Stokes OBE, takes a stake in Spencer Matthews’ alcohol-free spirits brand, CleanCo

    June 16, 2025

    Hospitality industry risks collapse

    • Books
    April 24, 2025

    Values-Driven Professionalism: A Path to Client Loyalty

    December 2, 2024

    Banish the banshee boss: how to lead without fear – addressing the issue of fear-based management and how NOT to be this manager

    About

    SME Today is published by the same team who deliver The Great British Expos’. We have been organising various corporate events for the last 10 years, with a strong track record of producing well managed and attended business events across the UK.

    Join Our Mailing List

    Receive the latest news and updates from SMEToday.
    Read our Latest Newsletter:


    Sign Up
    X (Twitter) YouTube LinkedIn
    Most Recent Posts
    July 15, 2025

    Handheld Laser Scanners Drive New Growth For Sep Geospatial In Unlikely Sectors

    July 15, 2025

    Loughborough’s Here Self Storage Hits 65% Occupancy As Local Demand Grows

    July 15, 2025

    Tool theft legislation and steps to protect your tools

    July 15, 2025

    Why Digital Excellence is key to transforming Business Culture

    July 14, 2025

    Busting myths about Asset Based Lending 

    Categories
    • Books
    • Community & Charity
    • Education and Training
    • Environment
    • Events
    • Features
    • Finance
    • Food and Drink
    • Health & Safety
    • HR & Recruitment
    • In Profile
    • Legal
    • Marketing
    • News
    • Property & Development
    • Sponsored Content
    • Technology
    • Transport & Tourism
    • Wellbeing & Mental Health

    Copyright © 2020 SME Today.

    • ABOUT SME TODAY: THE GO TO RESOURCE FOR UK BUSINESSES
    • Editorial Submission Guidelines
    • Privacy
    • Contact
    Copyright © 2025 SME Today.
    • ABOUT SME TODAY: THE GO TO RESOURCE FOR UK BUSINESSES
    • Editorial Submission Guidelines
    • Privacy
    • Contact

    Type above and press Enter to search. Press Esc to cancel.