Skip to content
Law Society of Scotland
Search
Find a Solicitor
Contact us
About us
Sign in
Search
Find a Solicitor
Contact us
About us
Sign in
  • For members

    • For members

    • CPD & Training

    • Membership and fees

    • Rules and guidance

    • Regulation and compliance

    • Journal

    • Business support

    • Career growth

    • Member benefits

    • Professional support

    • Lawscot Wellbeing

    • Lawscot Sustainability

  • News and events

    • News and events

    • Law Society news

    • Blogs & opinions

    • CPD & Training

    • Events

  • Qualifying and education

    • Qualifying and education

    • Qualifying as a Scottish solicitor

    • Career support and advice

    • Our work with schools

    • Lawscot Foundation

    • Funding your education

    • Social mobility

  • Research and policy

    • Research and policy

    • Research

    • Influencing the law and policy

    • Equality and diversity

    • Our international work

    • Legal Services Review

    • Meet the Policy team

  • For the public

    • For the public

    • What solicitors can do for you

    • Making a complaint

    • Client protection

    • Find a Solicitor

    • Frequently asked questions

    • Your Scottish solicitor

  • About us

    • About us

    • Contact us

    • Who we are

    • Our strategy, reports and plans

    • Help and advice

    • Our standards

    • Work with us

    • Our logo and branding

    • Equality and diversity

  1. Home
  2. For members
  3. Journal Archive
  4. Issues
  5. December 2022
  6. Data Protection and Digital Information Bill challenges

Data Protection and Digital Information Bill challenges

The Data Protection and Digital Information Bill remains under consideration by the Government. If it proceeds, it will pose significant challenges for business unless significant changes are made
12th December 2022 | Wendy Lloyd-Goodwin

UK ministers are currently considering a new Data Protection and Digital Information Bill. The bill is intended to update and simplify the UK’s data protection framework with a view to reducing burdens on organisations, providing them with greater flexibility on how to comply with certain aspects of the data protection legislation and improving the clarity of the framework. Introduced in July 2022, it has been paused while the Government reconsiders aspects of it.

At Life Science Law we work with organisations to help unravel some of the tricky areas surrounding data privacy to help ensure they keep within the realms of GDPR. We support the initiative of simplifying data privacy and the idea of making it more accessible, yet in practice there are some fundamental issues with what is being proposed, not least the challenges the bill poses for organisations wishing to act from beyond the realms of the UK.

Ensuring the right safeguards are in place

One of the key challenges with the bill as introduced is ensuring the right safeguards are in place so that data is protected. The bill aims to lower safeguards governing data collection and processing in order to reduce the “burden” on business, by, for example, abolishing the statutory requirement for organisations that process data to have an independent data protection officer. 

Instead, organisations will designate a senior employee to oversee an organisation’s compliance with data protection rules. The bill also suggests introducing a new, “flexible” accountability regime that allows businesses to decide on how far they will be compliant, based on the scale of, and the perceived risks of, their operations. 

International transfer of personal data 

Another key challenge is for those businesses wishing to operate outside the UK. Under the new proposals, organisations would be able to take a risk based approach to assessing the impact of transferring personal data internationally using standard contractual clauses. This change could present a real risk to the free flow of personal data between the UK and the EU. 

Such a risk based approach may differ from the approaches in the EU, where some data protection authorities have said that the GDPR’s provisions on transfers of personal data to third countries do not allow for this approach. 

The very nature of the new bill is to simplify the UK’s data protection framework, yet in reality for businesses operating outside the UK it will cause more complexity and more confusion.

More clarity on consents 

Finally, the bill needs to provide more clarity on consents. Currently consent is defined as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.

Under the bill, if a person gives permission for their data to be used for a specific research project, this consent can be extended (without further permission) to other projects, even if these were unknown at the original time of consent. The idea of the bill is to reduce consent fatigue, yet although it addresses consent, my fear is that it actually makes things even more complicated.

It will be interesting to see whether and how the bill progresses. The Law Society (of England & Wales) has aired its reservations surrounding its approach for being too business and innovation focused, which may be detrimental to individual rights and protection. The data rights activist body, Open Rights Group has also commented on the bill’s restriction of data subjects’ rights within the EU GDPR. Without some urgent changes to the points mentioned above, I perceive some challenging times ahead.

The Author

Wendy Lloyd-Goodwin is the founder of Life Science Law, and is a solicitor with more than 20 years’ experience in the pharma/biotech sector

Share this article
Add To Favorites
https://lawware.co.uk/

Regulars

  • People on the move
  • Reading for pleasure: December 2022
  • Book reviews: December 2022

Perspectives

  • Editorial: Feeling the pinch
  • Opinion: Jen Shipley
  • President's column: December 2022
  • Viewpoints: December 2022
  • Profile: Kirsty Thomson

Features

  • Feeling the squeeze
  • Indyref: off limits for now
  • Mental health: a blueprint for reform
  • PRRs: when to declare the end?

Briefings

  • Criminal court: Farewell retrospective
  • Agriculture: A future support framework
  • Corporate: Is there a creditor duty?
  • Intellectual property: "Reclaiming the UK statute book"
  • Sport: Flouting their own rules?
  • Succession: Crofting tenancy transfers in intestacy
  • Scottish Solicitors' Discipline Tribunal: December 2022
  • Property: Conveyancing – the future is in our hands
  • In-house: With a fair wind

In practice

  • Public policy highlights: December 2022
  • AML: privilege for the law?
  • Charging for complaints: a bad idea
  • Risk: Stress, workplace culture and risk factors
  • Tradecraft tips: December 2022
  • The Eternal Optimist: It’s good to talk
  • Ask Ash: When work loses its appeal

Online exclusive

  • Are companies’ creditors taking a softer line?
  • Adoption: no going back?
  • Data Protection and Digital Information Bill challenges
  • Networking as a junior lawyer: all you need to know
  • How can employers support carers’ rights?

In this issue

  • An open letter to our team… Thank you!
  • When tracing really matters
  • Make great client experiences your 2023 differentiator

Recent Issues

Dec 2023
Nov 2023
Oct 2023
Sept 2023
Search the archive

Additional

Law Society of Scotland
Atria One, 144 Morrison Street
Edinburgh
EH3 8EX
If you’re looking for a solicitor, visit FindaSolicitor.scot
T: +44(0) 131 226 7411
E: lawscot@lawscot.org.uk
About us
  • Contact us
  • Who we are
  • Strategy reports plans
  • Help and advice
  • Our standards
  • Work with us
Useful links
  • Find a Solicitor
  • Sign in
  • CPD & Training
  • Rules and guidance
  • Website terms and conditions
Law Society of Scotland | © 2025
Made by Gecko Agency Limited