Data Protection accountability suffers as a result of an unconvincing attempt to reduce red-tape.
3 November 2021
No Comments
Introduction This blog discusses the DCMS proposal: to remove the obligation to maintain a register of processing activities (ROPA; A.30); to remove the requirement to undertake DPIAs (A.35 and A.36); and to reduce the circumstances when a data breach is reported to the ICO (A.33). These will be replaced by far looser requirements that form part of a controller’s privacy management programme (see last blog). As before, the Consultation’s arguments for change are wholly unconvincing and there are significant errors
