On 17 June, the government published its long-awaited plans to reform the UK Data Protection Act(1).

The UK proposals, discussed in this article, modify the current accountability framework in terms of suggesting a Privacy Management Programme which would change the requirements on DPOs, Record of Processing Activities (ROPA) and Data Protection Impact Assessments (DPIA). The government says the aim is to create a more business-friendly environment and iron out the uncertainties in some of the GDPR’s areas and their interpretation.

While many have criticised the plans to be changes in name only and not substantial enough to make a real difference, more radical steps could, on the other hand, jeopardise the UK’s EU data adequacy.