The Data Protection and Digital Information Bill: What We Know So Far

Further to our previous article last month, ‘New Data Reform Bill to bring promising changes to complex GDPR’, we have provided a more in-depth article that covers what we know to date about the Data Protection and Digital Information Bill.

As we know, the UK government has proposed a clampdown on data, which will have a significant impact on businesses. This is in line with its goal of taking back control of UK data protection after Brexit. The Bill proposes a number of measures that businesses need to be aware of, including tightened rules around data subject access requests (DSARs).

New Deadlines

DSARs are a key part of the data protection process and allow individuals to request information about the personal data that is held about them. Under the new Bill, businesses will need to be much more prepared for DSARs, as they will have just one month to respond to requests, compared to the current 40-day deadline.

The government say that the changes to the DSAR process are necessary to protect citizens’ privacy rights. They argue that the current 40-day deadline is not long enough to deal with requests efficiently, and that businesses need more time to respond to them. The new Bill will also require businesses to provide individuals with a copy of the personal data that is held about them, which will help people to understand exactly what data is being collected and how it is being used.

They believe that these changes will help to ensure that citizens’ privacy rights are protected and that they have more control over their personal data.


The Bill could overhaul the current regime on the use of cookies and tracking technologies, often a compliance issue for organisations. Under the new Bill, businesses will be able to use cookies and tracking technologies for legitimate purposes, such as website analytics, provided that they inform individuals about these technologies and get their consent.

This change is likely to be welcomed by businesses, as it will make it easier for them to track website usage and understand how people are interacting with their websites. However, it is important to note that consent must be freely given, informed and unambiguous in order to be valid.

Businesses should take this into account when obtaining consent from individuals and make sure that they provide clear and concise information about the use of cookies and tracking technologies. By doing so, they can ensure that they are compliant with the new Bill and avoid any potential penalties.

Greater Power

The Bill seeks to reform the ICO in order to create a more effective data protection regime in the UK. The new Information Commission will have greater powers to investigate and prosecute breaches of the data protection laws, and will be better equipped to deal with the challenges of the digital age.

In order to be ready for DSARs under the new Bill, businesses should make sure they have a clear understanding of what personal data they hold, where it is stored, and who has access to it. They should also put in place procedures for handling DSARs quickly and efficiently.

Data controllers are still waiting for the Data Reform Bill and ICO guidance to become law. But by preparing for the new Bill now, businesses can ensure that they are ready for the changes when they come into effect. This will help them avoid any disruption to operations and ensure they continue to comply with data protection laws.