Here are the latest changes to GDPR legislation, ordered from newest to oldest:
Change: The UK government has proposed changes to the UK GDPR to provide more flexibility over personal data use.
Date: March 2023
Details: The proposed bill would give organisations greater flexibility over the use of personal data while still protecting individual rights. The bill aims to clarify and adjust some aspects of the UK’s data protection laws to reduce compliance burdens for businesses. Some of the proposed changes include simplifying consent requirements, expanding the lawful bases for processing personal data, and introducing a lighter-touch approach for lower-risk processing. The bill seeks a balanced approach to strengthen the UK’s data protection regime while supporting innovation and economic growth.
Change: Switzerland’s revised Federal Act on Data Protection came into force
Date: January 1, 2023
Details: Switzerland’s new data protection act updates the country’s 1992 data protection law. The revised act aims to align Swiss law more closely with the EU’s General Data Protection Regulation. It introduces rules for processing sensitive personal data, provisions for data breach notifications, expanded rights for data subjects, and sets out requirements for data protection impact assessments and certifications. The changes are meant to strengthen individual rights while facilitating the free flow of data.
Change: The European Data Protection Board (EDPB) issued guidelines on the interplay between the ePrivacy Directive and the GDPR.
Date: November 2020
Details: The guidelines clarify the relationship between the ePrivacy Directive and the GDPR. They confirm that if an organisation relies on consent as a legal basis for processing electronic communications data under the ePrivacy Directive, that consent must also meet the GDPR’s requirements for consent. The guidelines also discuss other areas where the ePrivacy Directive and GDPR interact, such as data breach notifications, data protection officers, and data protection impact assessments. The aim is to help organisations comply with both sets of rules.