The UK government has reintroduced new GDPR legislation which it claims will save businesses and charities as much as £4.7bn ($5.6bn) over the coming decade while bolstering data protection and privacy.
Keen to prove the benefits of leaving the EU, the Conservative government said the Data Protection and Digital Information (DPDI) Bill would reduce compliance “paperwork” without impacting data adequacy with the EU or global confidence in the UK.
Recognizing the need to protect and grow a digital economy worth an estimated £259bn ($307bn) for the UK in 2021, the government claimed the new legislation would provide business with greater flexibility about how they comply with data laws, while reducing the overall compliance burden.
More specifically, it said the proposed law would:
- Ensure only organizations whose processing activities are likely to pose “high risks” to personal rights and freedoms need to keep processing records, i.e., health data
- Ensure businesses can continue to use existing international data transfer mechanisms to share personal data overseas if they are already compliant with current UK data laws
- Clarify that commercial organizations will benefit from the same freedoms as academics to carry out innovative scientific research, such as making it easier to reuse data for research purposes
- Bolster business confidence about cases when they can process personal data without consent
- Increase confidence in AI by clarifying when safeguards apply to automated decision-making – such as for profiling of individuals
- Increase fines for nuisance calls and texts to either up to 4% of global turnover or £17.5m
- Reduce the number of consent pop-ups people see online
- Introduce a new framework for optional digital identity verification
- Strengthen the Information Commissioner’s Office (ICO) by creating a new statutory board for the regulator
The legislation was first introduced back in summer 2022 but paused while the government consulted with industry bodies and experts, including consumer rights group Which? and trade association TechUK. Despite the UK having played a key role in shaping the GDPR pre-2018, the government was quick to play up the new legislation as offering advantages over the EU-wide law.
“Co-designed with business from the start, this new bill ensures that a vitally important data protection regime is tailored to the UK’s own needs and our customs,” argued technology secretary, Michelle Donelan.
“Our new laws release British businesses from unnecessary red tape to unlock new discoveries, drive forward next generation technologies, create jobs and boost our economy.”
TechUK CEO, Julian David, also welcomed the new bill.
“The changes announced today will give companies greater legal confidence to conduct research, deliver basic business services and develop new technologies such as AI, while retaining levels of data protection in line with the highest global standards, including data adequacy with the EU,” he said.
Information commissioner, John Edwards, said his office supported the bill’s “ambition to enable organizations to grow and innovate while maintaining high standards of data protection rights.”