The European Union (EU) General Data Protection Regulation (GDPR) will be replaced in the UK with a data protection system that is simpler, according to UK digital secretary Michelle Donelan.
But the IT industry fears the “headline-grabbing” proposal will cause uncertainty and, if implemented, do little to reduce red tape for companies operating across borders.
Speaking at the Conservative Party Conference in Birmingham, Donelan said the government planned to replace GDPR with a “business- and consumer-friendly British data protection system”.
“[It] will focus on growth and common sense, helping to prevent losses from cyber attacks and data breaches, while protecting data privacy,” she told the conference. “This will allow us to reduce the needless regulations and business-stifling elements, while taking the best bits from others around the world to form a truly bespoke, British system of data protection.”
The GDPR is legislation that updated and unified data privacy laws across the EU. It was approved by the European Parliament in April 2016 and came into effect in May 2018.
The Information Commissioner’s Office said: “We are pleased to hear the government’s commitment to protecting people’s privacy, preserving adequacy and simplifying data protection law. We look forward to seeing further details, and stand ready to provide our advice and insight.”
Businesses in the tech sector have doubts about the announcement. Anthony Drake, director of tech advisory ISG, said the UK creating its own version of GDPR was “more of a headline generator than anything meaningful for business”.
“Donelan’s announcement that GDPR would be replaced by a data-protection system that is both business- and consumer-friendly generated plenty of headlines. But the reality is, that’s a tough balance to get right,” he said.
Drake added that while the desire to lessen the GDPR burden on small firms was admirable, organisations that operate from the UK into the EU would still have to comply with GDPR – as well as the new UK regulations. “The introduction of new, competing regulations will do little to lessen the burden of red tape.”
Robin Röhm, CEO and co-founder of data collaboration platform Apheris, said the plans, if implemented, could increase the complexity for companies in Britain and the EU hoping to collaborate by sharing data across geographical boundaries.
“Companies with a UK and EU presence will now have to find a new way to collaborate on data and are crying out for new ways to work together while ensuring privacy and regulatory compliance.”
Natalie Cramp, CEO of data science firm Profusion, said the announcement added more unwelcome uncertainty for UK businesses. “On a practical level, it’s difficult to see how a new bill could be written and passed with adequate consultation ahead of the next general election,” she said.
Cramp added that as the Labour Party, which is currently way ahead in the polls, has a very different take on GDPR, the final outcome is uncertain. “We could see the Conservatives passing this legislation in 2024, a Labour government confirming that GDPR will remain, or an entirely different approach which may not be finalised until 2025 or beyond.”