The UK will scrap the General Data Protection Regulation (GDPR), the European Union’s data privacy regime, and replace it with an alternative system in the UK, the digital and culture secretary Michelle Donelan has told the Conservative Party conference.
Donelan said the proposed new system, details of which have not yet been revealed, will be simpler and clearer for businesses to navigate.
“No longer will our businesses be shackled by lots of unnecessary red tape,” said Donelan. “We will be replacing GDPR with our own business and consumer-friendly British data protection system.
“Our plan will protect consumer privacy and keep their data safe, whilst retaining our data adequacy so businesses can trade freely.”
GDPR for employers
Queen’s Speech 2022: what employers need to know
GDPR: H&M fined record £32m for intrusive ‘people analytics’
The GDPR, which aims to enhance individuals’ rights to their own personal data, took effect across the UK, the EU and the European Economic Area (EEA) in May 2018. It applies to all businesses that process data held by anyone in these regions, regardless of where the business is based.
The Data Reform Bill introduced in the summer is on hold while ministers review their approach. Nadine Norris, the former digital and culture secretary, said in June that measures in the bill would increase financial penalties for those pestering people with nuisance calls and minimise the number of cookie pop-ups people see on the internet.
Donelan’s speech in Birmingham came after the prime minister announced the exemption of tens of thousands of employers from reporting obligations such as gender pay gap reporting as part of a “sweeping package of reforms to cut red tape”.
Small and medium-sized businesses with fewer than 250 employees are currently exempt from regulatory requirements such as gender pay gap and executive pay ratio reporting.
The government yesterday increased this threshold to 500 employees for all new regulations under development and said that it would apply this to retained EU law as part of its plans to reform regulations it considers to be “bureaucratic and burdensome on businesses”.
Natalie Cramp, CEO of data science company Profusion, said: “The announcement that the government will pause its reform of GDPR in favour of introducing a new data bill adds more unwelcome uncertainty for UK businesses.
“On a practical level it’s difficult to see how a new bill could be written and passed with adequate consultation ahead of the next General Election. As Labour has a very different take on GDPR, it’s very hard to say what the final outcome will be.
“We could see the Conservatives passing this legislation in 2024, a Labour government confirming that GDPR will remain, or an entirely different approach which may not be finalised until 2025 or beyond.”
This is madness. UK companies will still have to abide by GDPR if they want any online business in the European Union (as other non-EU companies already do). So UK divergence will simply mean UK double costs. pic.twitter.com/G0mdFQo8SY
— Chris Bryant (@RhonddaBryant) October 3, 2022
Labour MP Chris Bryant said: “This is madness. UK companies will still have to abide by GDPR if they want any online business in the European Union (as other non-EU companies already do). So UK divergence will simply mean UK double costs.”
More fervent opposition to Donelan’s announcement came from Northern Ireland. SDLA assembly member Matthew O’Toole told the Belfast Telegraph: “Data protection laws are a fundamental part of how businesses, governments and civil society have to operate in the digital age.
“If the Tories force through a pointlessly divergent UK data regime it could threaten a vast range of everyday activity on a north-south basis.
“As the SDLP has repeatedly said, the [Northern Ireland] Protocol only protects some north-south activity, but the hard Brexit fantasy projects of the Truss government threaten a whole series of others.
“From payroll services to cross-border workers, to healthcare, to a whole gamut of north-south investment and economic activity, to the simply everyday activities of sporting bodies, churches and trade unions – if data cannot move freely between north and south it will be devastating.”
Additional reporting by Ashleigh Webber.
HR Systems opportunities on Personnel Today
Sign up to our weekly round-up of HR news and guidance
Receive the Personnel Today Direct e-newsletter every Wednesday