We have previously highlighted some of the defects in the Data Protection and Digital Information Bill as introduced, the impact of the Retained EU Law (Revocation and Reform) Bill on the UK’s data protection law framework and the prospect of an attempt by the Government to consolidate the UK’s data protection legislation (comprising the Data Protection Act 1998, Data Protection Act 2018, UK GDPR, Privacy and Electronic Communications (EC Directive) Regulations and the forthcoming Data Protection and Digital Information Bill) into one piece of legislation.

On 03 October 2022 at the Conservative Party Conference, the recent Truss-appointee to Secretary of State for Digital, Culture, Media and Sport, Michelle Donelan MP, gave a speech in which she stated “That is why today Conference, I am announcing that we will be replacing GDPR with our own business and consumer-friendly, British data protection system”.

Leaving aside that it is the UK GDPR (as defined by section 3(10) Data Protection Act 2018), rather than the GDPR which now forms part of our law, this would appear to suggest that the Government will not seek to utilise the provisions in the Retained EU Law (Revocation and Reform) Bill to delay its impact or otherwise re-state the UK GDPR, but will instead be bringing forward a “truly bespoke British system of data protection”, which we anticipate will be in the form of a significantly revised Data Protection and Digital Information Bill. As Donelan promised that “this is not another wave of legislation for business” but “simplification”, we would hope that the Government will consolidate the various legislation into one more user-friendly Act.

That certainly seemed to be the intention of the Secretary of State, who deplored the GDPR as“needless regulations", “limiting the potential of our businesses” which have been “shackled by unnecessary red tape”, leading to “excessive caution”, purportedly contributing to an apparent shortage of electricians and plumbers and an 8% loss of business profits (according to research by the University of Oxford). She referred to the current UK data protection law framework as a “regulatory minefield”.

No doubt with one eye to the European Commission and its decision as to the UK’s adequacy, Donelan explicitly referenced countries “like Israel, Japan, South Korea, Canada and New Zealand” which have secured adequacy status without importing the GDPR wholesale into their domestic legislation and assured that adequacy would be retained.

And despite recent indications that the UK was not a priority for the current US administration, she appeared to suggest that a mechanism for US data transfers was in the offing, or at least a divergence from the EU position to a more risk-based approach (as currently proposed in the Data Protection and Digital Information Bill (as introduced)), proffering the UK as “the bridge across the Atlantic” which could “operate as the world’s data hub”.

If you are an electrician or plumber, or indeed any business, organisation or individual and find yourself tied “in knots by clunky bureaucracy”, allow us at Handley Gill to untie you.