Data Protection and Digital Information Bill introduced to Parliament

The government announced the introduction to Parliament of the Data Protection and Digital Information Bill on 8 March, the new UK version of the EU’s General Data Protection Regulation (GDPR), which aims to reduce the burden on British businesses.

According to the government’s press release, it is predicted that the new law will save the UK economy more than £4.7 billion over the next decade, whilst ensuring that privacy and data protection are adequately protected so that the UK can continue to trade internationally. The Bill was first introduced to Parliament last year, but progress was paused in September 2022 following Boris Johnson’s resignation as prime minister and to provide more time for ministers to further consider the legislation.

The new version of the Bill: introduces a simple, clear and business-friendly framework that will not be difficult or costly to implement – taking the best elements of the GDPR and providing businesses with more flexibility about how they comply with the new data laws; ensure that the new regime maintains data adequacy with the EU, and wider international confidence in the UK’s data protection standards; reduce the amount of paperwork organisations need to complete to demonstrate compliance; support more international trade without creating extra costs for businesses if they are already compliant with current data regulation; provide organisations with greater confidence about when they can process personal data without consent; and increase public and business confidence in artificial intelligence (AI) technologies by clarifying the circumstances when robust safeguards apply to automated decision-making.

In addition to this, amongst other things, the Bill will also establish a framework for the use of secure digital verification services, and strengthen the Information Commissioner’s Office through the creation of a statutory board with a chair and chief executive.

Science, Innovation and Technology Secretary, Michelle Donelan, said: “Co-designed with business from the start, this new Bill ensures that a vitally important data protection regime is tailored to the UK’s own needs and our customs. Our system will be easier to understand, easier to comply with, and take advantage of the many opportunities of post-Brexit Britain. No longer will our businesses and citizens have to tangle themselves around the barrier-based European GDPR. Our new laws release British businesses from unnecessary red tape to unlock new discoveries, drive forward next generation technologies, create jobs and boost our economy.”

According to the current draft of the Retained EU Law (Reform and Revocation) Bill, which is still progressing through Parliament, the UK GDPR would be repealed from 31 December 2023, unless the provisions are preserved or replaced prior to that date.