Last reviewed 28 June 2022

It is just over four years since the EU’s General Data Protection Regulation (GDPR) came into force and every business and organisation in the UK was rushing to get their procedures in place to ensure compliance.

Once the UK left the EU, the rules were taken into domestic law virtually unchanged as UK GDPR, but that situation is set to change as the Government has published its response to Data: a New Direction, a 2021 consultation on reforms to create “an ambitious, pro-growth and innovation-friendly data protection regime”.

Available here, the response document sets out a series of proposals to reform the UK GDPR in ways that will, according to techUK, better enable innovation, drive scientific research and position the UK as a more attractive data economy.

At the same time, the digital technology trade association said, the reforms maintain a high standard of data protection rights that will help preserve data sharing agreements with international partners, including the EU.

Based on feedback from just under 3000 consultation responses, including techUK’s submission, the Government has set out the changes it will take forward in reforming the UK’s data protection regime, which have been laid before Parliament as a draft Bill.

Responding to the new Bill, the CBI said that it would work with the Government and the Information Commissioner’s Office (ICO) to help implement proportionate, world-class regulation that maintains the proactive business culture that has developed on data protection whilst seizing the opportunity to innovate with data.

CBI Director of Innovation, Naomi Weir, said: “Keeping our world-leading role on innovation and investment requires strong global data flows, businesses will welcome the UK’s continued commitment to supporting data adequacy with the EU and other international peers.”

The Data Reform Bill will scrap what the Government decries as “red tape and pointless paperwork”, while lowering the barrier for personal data to be used in scientific research.

“Since the European Union’s highly complex GDPR was implemented in the UK four years ago, many organisations have been held back from using data as dynamically as they could”, the Department for Digital, Culture, Media & Sport (DCMS) said.

The Bill will remove need for certain organisations, such as small businesses, to have a Data Protection Officer (DPO) and to undertake lengthy impact assessments.

Comment by Kate Palmer, HR Advice and Consultancy Director at Peninsula

Any amendments to data protection rules will have a significant impact on employers. As such, businesses must be prepared to enact changes and update their related policies and procedures.

Where a breach of data protection occurs, employers can face severe penalties and charges. Therefore, it’s imperative that they and their teams know the correct way to process personal and sensitive information.