Interviews, insight & analysis on digital media & marketing

UK to replace GDPR with its own data protection rules

The UK government has confirmed its intention to scrap the European Union’s General Data Protection Regulation (GDPR) in favour of its own data protection system.

Speaking at the Conservative party conference in Birmingham, the new Secretary of State for Digital, Culture, Media and Sport, Michelle Donelan, made it clear that the UK still intends to shift away from the rules that were put in place in 2018, which are the reason for many of the data permissions banners and pop-ups we see online today.

“We will be replacing GDPR with our own business, and consumer-friendly, British data protection system,” said Donelan. “Our plan will protect consumer privacy and keep their data safe, whilst retaining our data adequacy so businesses can trade freely.

“I can promise… that it will be simpler, it will be clearer, for businesses to navigate. No longer will our businesses be shackled by lots of unnecessary red tape.”

The announcement is likely to come to the despair of UK businesses, who would’ve hoped that Liz Truss’ arrival as Prime Minister would put an end to the UK’s plans to create a GDPR replacement. Earlier this year, the government announced the Data Protection and Digital Information Bill, which was supposed to have a second reading in parliament last month, but was put on hold with the changing of the Prime Minister.

Now that the GDPR replacement is seemingly back on track, whether it is actually implemented is a cause for uncertainty, as it’s unlikely the Conservatives will win the next general election. Nonetheless, businesses have to be prepared for all possible eventualities.

Reacting to the latest development, Natalie Cramp, CEO of Profusion, said: 

“The announcement that the Government will pause its reform of GDPR in favour of introducing a new data bill adds more unwelcome uncertainty for UK businesses. On a practical level, it’s difficult to see how a new bill could be written and passed with adequate consultation ahead of the next General Election. As Labour has a very different take on GDPR, it’s very hard to say what the final outcome will be. We could see the Conservatives passing this legislation in 2024, a Labour Government confirming that GDPR will remain, or an entirely different approach which may not be finalised until 2025 or beyond. 

“Without any clarity it makes it very difficult for companies, especially in the tech industry, to make concrete plans on how they expand. Creating a large customer base in Europe could prove a costly risk if the UK’s new data regime is significantly at odds with GDPR. The EU may revoke the UK’s ‘adequacy’ status which will mean UK businesses that deal with EU citizen’s data will face large costs and compliance hurdles. Similarly, it will make the UK a less attractive location for foreign companies because they will have to deal with legal and operational costs complying with two different data regimes. 

“GDPR is not a perfect piece of legislation but it is a huge improvement on what came before. It puts consumers in control of their own data and online privacy and this principle needs to be protected. There is an opportunity for the UK Government to have the best of both worlds by tweaking GDPR to remove some unnecessary burdens, such as around FOI requests, while also retaining its adequacy status with the EU. This would make the UK particularly attractive to US businesses seeking an operating base for the EU. 

“If the Government really believes it is necessary to reform GDPR, it either needs to move quickly to introduce some minor amends or provide a very clear roadmap on how and when more wide-ranging reform will take place. Continuously changing direction keeps the whole tech industry in limbo and does little to help business confidence.”