- 17 October 2022
- Privacy and Data Protection
The Data Protection and Digital Information Bill (‘DPDI Bill’) was due to have its second reading in Parliament on 5 September 2022. The aim of the Bill was to update the UK’s data protection framework. However, this was halted due to the appointment of Liz Truss as the new Prime Minister.
Instead of proceeding with the DPDI Bill, the Government has now announced plans to replace the UK GDPR altogether. In a speech on Monday the 3 October 2022, Michelle Donelan, the Secretary of State for Digital, Culture, Media and Sport, stated that the UK GDPR currently limits the potential of UK businesses, and referred to putting an end to EU ‘red tape’ entailing excessive regulation which is considered bureaucratic and hinders action or decision-making. Donelan stated, “many of these smaller organisations and businesses only employ a few people each. They don’t have the resources or money to navigate the regulatory minefield that GDPR puts in their way. And yet right now, in the main, they’re forced to follow the same one-size-fits-all approach as a multinational corporation.”
So, what are the implications for UK businesses?
The government is seeking to implement a new system to be both business and consumer-friendly at the same time, which will no doubt be a difficult balance to achieve. In addition, it is hoped that the system will protect consumer privacy and keep individuals’ personal data safe, whilst retaining data adequacy for the UK and being simpler and clearer for businesses to navigate.
Whilst this sounds like great news for businesses, there are several implications businesses should consider:
Costs of implementation
Chris Bryant, Chair of the Standards and Privileges Committee, said the new regulation could result in increasing work and responsibilities for data protection officers and increasing costs for businesses. It is important to note that businesses that have customers in the EU will still have to comply with the GDPR regardless of the new system the UK introduces. Such businesses may therefore have to comply with two regulatory regimes instead of one.
It is important to note that businesses that have customers in the EU will still have to comply with the GDPR regardless of the new system the UK introduces.
The UK GDPR has become well established for businesses to have become familiar with it and many businesses have previously invested substantial amounts of time and money to understand and ensure compliance with the framework.
Flow of personal data to EU
‘Adequacy’ is a term the EU uses to describe entities that it deems to provide an ‘essentially equivalent’ level of data protection to that which exists within the EU. The regulatory framework of the Data Protection Act 2018 ensures that the UK maintains adequacy on the collection, processing and storage of data. The UK GDPR was the UK’s way of maintaining adequacy, in order to facilitate the free flow of personal data between the UK and the EU. In June 2021, the European Commission published two adequacy decisions which deemed that the UK’s laws and systems for protecting personal data were ‘adequate’ until 27 June 2025.
Any move away from the GDPR will no doubt be monitored by the European Commission to assess whether the UK still provides ‘essential equivalence of adequacy’ and such assessment is due to commence in 2024. If it does not extend the adequacy decisions, the current adequacy decisions will expire on 27 June 2025. Whilst Michelle Donelan commented that the UK would retain its adequacy, she also indicated that there would be a complete move from “EU red tape”. As of yet, it is unknown how this will be achieved, and it will certainly be a challenge. This may also pose difficulties for UK businesses to do business with the UK’s largest trade partner.
What businesses should look out for
As we approach the General Election in 2024, if a new Government is elected, it may choose not to deviate from the current regime or decide to implement its own data protection regime. We would suggest keeping an eye on any updates from the Government as currently, the Government has a two-year window to introduce the announced change. This may not be achievable given the other issues the Government is dealing with, in particular, the costs of living crisis and potential recession. Whether this new system is actually implemented is therefore uncertain and we await further details from the Government.
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.
About this article
SubjectUK Government’s plan to replace UK GDPR
ExpertisePrivacy and Data Protection
Published17 October 2022
Read, listen and watch our latest insights
- 07 February 2023
National Apprenticeships Week: Apprenticeships providing skills for the future
This week (6-12 February 2023) is National Apprenticeships Week! This year’s theme is ‘Skills for Life’, which is reflecting on how apprenticeships can help individuals to develop the skills and knowledge required for a rewarding career and for organisations to develop a talented workforce that is equipped with skills for the future.
- 06 February 2023
Redundancy and settlement agreements – What you need to know
In this podcast Ciara Duggan and Sana Nahas members of the employment team at Clarkslegal will guide you through the tricky topic of redundancy and settlement agreements, covering what redundancy means for both employers and employees, as well as how settlement agreements work in practise.
- 30 January 2023
Deborah Scales comments on ‘the proposed Mental Health First Aid Bill’
In People Management, Deborah Scales, Associate at Clarkslegal, discusses the reasons why people professionals would likely welcome a change in set law as a “relatively swift and cost-effective” way to help the workplace.
- 25 January 2023
Government’s response to menopause recommendations in the workplace
The UK Government has recently rejected calls for the menopause to be made a ‘protected characteristic’ and for a large-scale pilot of menopause leave.
- 24 January 2023
Melanie Pimenta comments on ‘positive action’ and what it means for employers
In Personnel Today, Melanie Pimenta, Senior Solicitor at Clarkslegal, discusses ‘positive action’ and what it means for employers.
- 20 January 2023
Deborah Scales comments on employee who handed keys in and said ‘I’m done’ did not resign and was unfairly dismissed
In People Management magazine, Deborah Scales, Associate at Clarkslegal LLP, comments on a recent tribunal ruling in which a factory supervisor who handed in her keys in an “anxious state” and said “I’m done” did not resign and was unfairly dismissed.