Business & Economy
How businesses could save money via the UK’s GDPR equivalent
May 12, 2023
As the proposed Data Protection and Digital Information Bill – which ministers say will save the economy billions of pounds – undergoes its second House of Commons reading, Rhiannon Hastings, data protection paralegal in the commercial and data protection teams at leading independent law firm for business Muckle LLP, looks at the planned legislation in greater detail.
The UK GDPR replacement continues to develop following Brexit, with the Government promising a new pro-business equivalent to the EU regime, which will “clampdown on bureaucracy, red tape and pointless paperwork” and ultimately save organisations money.
Now into its second reading in the House of Commons, the Government anticipates the new Data Protection and Digital Information Bill (the Data Reform Bill), will save the UK economy more than £4.7 billion across the next ten years.
And Michelle Donelan, Secretary of State for Science, Innovation and Technology, says the new bill has been “co-designed with business from the start.”
But how will this translate on the ground?
Reducing ‘pointless’ paperwork
The Data Reform Bill will reduce the amount of paperwork organisations need to complete to demonstrate their compliance with UK data protection legislation.
An administrative burden for many businesses, it is anticipated the change might genuinely save them time and costs.
Reducing paperwork and subsequent legal costs will enable organisations to reuse personal data for research purposes without being limited by current UK data protection legislation.
This will also allow organisations to focus on managing internal data protection practices without having to demonstrate compliance regularly.
Organisations will still be required to identify and manage risks, as well as maintaining a ‘personal data inventory’ that describes what and where personal data is held, why it has been collected and how sensitive it is.
Supporting international data sharing
The bill will introduce a new data protection test to be carried out prior to international transfers.
Businesses can continue using their existing international data transfer mechanisms to share personal data overseas if they are compliant with current UK laws.
Fewer website cookie pop-ups
UK data protection legislation requires organisations to obtain and maintain ‘valid consent’.
However, where cookies collect information for statistical purposes (making improvements to the website and services), it won’t be required if the website user has clear and comprehensive information about the cookies’ purpose (such as providing a cookie policy).
Personal data collected using cookies must not be shared with other organisations, except to assist that organisation with making improvements to its website or service.
Growth and innovation
John Edwards, UK information commissioner, says: “I welcome the reintroduction of the Data Protection and Digital Information Bill, and support its ambition to enable organisations to grow and innovate while maintaining high standards of data protection rights.
“Data protection law needs to give people confidence to share their information to use the products and services that power our economy and society.”