8th March 2023
In a long-awaited and significant development, the government has announced that the new Data Protection and Digital Information Bill will finally be introduced in Parliament today.
A consultation on post-Brexit reforms to the UK’s data protection regime concluded in autumn 2021, but the subsequent Bill stalled in 2022 following the change in Prime Ministers.
The government says the new “common-sense-led UK version of the EU’s GDPR will reduce costs and burdens for British businesses and charities, remove barriers to international trade and cut the number of repetitive data collection pop-ups online”.
Ministers co-designed the Bill with key industry and privacy partners including Which? and TechUK. Here are some of the key features:
We already knew that a key component of the new Data Protection and Digital Information Bill would involve reducing the burdens on businesses. That has been signposted again, but the devil will be in the detail. The Bill still has a long way to go. While we know there will be changes to cookie consent requirements, it’s still not clear exactly how that will work. There was no mention of controls on data subject access requests, which we know many businesses are keen to see. We’ll be monitoring and reporting on developments as the Bill progresses.
Businesses have already spent a lot of time, money and effort ensuring data protection compliance under the GDPR. We’ll need to wait and see whether the government can truly deliver on its promise that the new framework will not be difficult or costly to implement.
Progress on the new Bill will also be closely watched in Europe. Much is made in the announcement about organisations no longer having to struggle with the barriers of the European regime. The government says the UK’s proposed new rules seek to ensure data adequacy, while moving away from the ‘one-size-fits-all’ approach of the EU GDPR. It remains to be seen whether the UK will be successful in navigating that balance between the two.
Please contact Jeanette, Andrew or Sally if you have any initial questions on the Data Protection and Digital Information Bill; or otherwise need advice or assistance with data protection compliance, related international trade or technology issues.
Regulatory & Compliance
Head of Regulatory & Compliance