Legal development

Bye-Bye GDPR

14 October 2022

Share Share
Insight Hero Image
Share

    In a speech at the Conservative Party Conference on 3 October 2022, the Secretary of State for Digital, Culture, Media and Sport, Michelle Donelan talked about creating more wealth and prosperity through the tech, digital, cyber, creative, cultural and arts sectors. However, she complained that there remained a significant amount of red tape in the way and that, as a newly independent nation free of EU bureaucracy, a new regime can be tailored to better fit the country’s needs.

    She specifically referred to the bureaucratic nature of the GDPR inherited from the EU as limiting the potential of our businesses, and quoted researchers at Oxford University estimating that it has directly caused businesses to lose over 8% of their profits, as well as  a survey suggesting that 50% of businesses told her department that the EU’s one-size-fits-all GDPR scheme had led to excessive caution among staff in the handling of data.

    Ms Donelan therefore announced that the GDPR will be replaced with a business and consumer-friendly British data protection system. It will protect consumer privacy and keep their data safe, while retaining our data adequacy so businesses can trade freely, and will also be simpler and clearer for businesses to navigate. Unlike the GDPR, which "ties them in knots with clunky bureaucracy", they say they will co-design with business a new system of data protection, looking to those countries who achieve data adequacy without having GDPR, such as Israel, Japan, South Korea, Canada and New Zealand. It will also  focus on growth and common sense, helping to prevent losses from cyberattacks and data breaches, while protecting data privacy. This will allow the Government to reduce the "needless regulations and business-stifling elements", while taking the best bits from others around the world "to form a truly bespoke, British system of data protection".

    Ms Donelan rather boldly asserted that this will not impose another wave of legislation on business. Rather than complicated legislation – it will be about simplification. It will also apparently include involving "job creators" from the start in the design of a tailored, business-friendly British system of data protection that "protects the consumer, protects data adequacy and increases the trade that good data protection enables, whilst increasing productivity and also avoids the pitfalls of a one-size-fits-all system".

    Commentary

    The idea of a simplified UK data protection regime may well be an attractive proposition, but as always the devil is in the detail. Whether the EU 27 will regard it as offering equivalent protections may also be an important consideration, particularly in relation to cross-border data transfers.

    Authors: Adam Jamieson, Partner, and David Capps, Senior Consultant

    The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
    Readers should take legal advice before applying it to specific issues or transactions.

    Key Contacts

    image

    Stay ahead with our business insights, updates and podcasts

    Sign-up to select your areas of interest

    Sign-up