‘New and improved’ UK GDPR to save £4.7B over ten years, ensure data adequacy
When the UK left the European Union, if effectively copy pasted the GDPR to create the near identical UK GDPR. Today, new laws for a revised version of UK GDPR were introduced to Parliament today as ministers predict savings to the economy worth £4.7 billion (US$5.56 billion) over the next ten years via a pick ‘n’ mix approach to the best bits of GDPR and giving businesses flexibility on how they comply with data laws.
The first Data Protection and Digital Information Bill was introduced during the political frenzy of July 2022. Back then, the expansive Bill which also incorporates changes to the 2018 Data Protection Bill, was predicted to save £1 billion over the next ten years by reducing the burdens on businesses and the removal of cookie pop ups.
The Open Rights Group said at the time that the Bill would turn the UK into a “global data laundering hub.”
Its passage through Parliament was paused to allow further engagement between ministers, business leaders and data experts, to ensure high standards and ongoing data adequacy with the EU.
“Co-designed with business from the start, this new Bill ensures that a vitally important data protection regime is tailored to the UK’s own needs and our customs,” comments Michelle Donelan, head of the new Department for Science, Innovation and Technology.
Moving away from the “one-size-fits-all approach of the European Union’s GDPR, the Data Protection and Digital Information (No. 2) Bill will benefit businesses by “taking the best elements of GDPR and providing businesses with more flexibility about how they comply with the new data laws.”
The Bill will “Provide organisations with greater confidence about when they can process personal data without consent” while reducing paperwork and costs if businesses are already compliant with current data regulation.
A release estimates that data-driven trade made up 85 percent of the UK’s service exports, contributing £259 billion in 2021. Although in the same year, the impact of Brexit-related fresh bureaucracy saw UK goods and service exports to the EU fall 14 percent on 2020 or 25 percent compared to 2019, reported The Guardian.
The impact assessment estimates a net benefit of anywhere from £1.3 billion to £8.5 billion.
“Our system will be easier to understand, easier to comply with, and take advantage of the many opportunities of post-Brexit Britain,” comments Donelan. “No longer will our businesses and citizens have to tangle themselves around the barrier-based European GDPR.”
Only companies and organizations whose processing of personal data are likely to pose high risks to individuals’ rights will be required to keep processing records: “This could include, for example, where organisations are processing large volumes of sensitive data about people’s health.”
Commercial enterprises gain the same freedoms as academics in their use or reuse of data to undertake research that “could reasonably be described as scientific.”
The Bill seeks to clarify data protection around solely automated decision-making and profiling, which are criticized for having been too complex to date. People will be able to request a human reprocess a decision done by AI.
“The Bill will ensure my office can continue to operate as a trusted, fair and independent regulator,” comments John Edwards, UK Information Commissioner. “We look forward to continuing to work constructively with the Government to monitor how these reforms are expressed in the Bill as it continues its journey through Parliament.”
The role and duties of the Commissioner are altered by the new Bill to give the Secretary of State power to set strategic priorities, which the Commissioner must abide by. The Secretary of State can decide whether the Commissioner can have longer than 40 days to achieve a task.
The Bill will establish the framework for trusted and secure digital verification services for the use of digital identities.