Your Privacy Hub

Yes We Trust moves to Didomi

We are excited to share that going forward, Yes We Trust content will be incorporated into Didomi, where we will continue to post relevant, educational content that helps you make sense of data privacy today, including out flagship newsletter and opinion pieces. Thank you for your continued support and see you there!

    • company-news
    • industry-news

    Published on March 20, 2023 last updated on March 28, 2023

    The United Kingdom introduces a draft reform of its data protection law

    London is doing its Brexit on data protection. Indeed, contrary to what was announced last year, under the leadership of the current Prime Minister Rishi Sunak, the UK will not replace the General Data Protection Regulation (GDPR) entirely.

    The goal: to establish a new regulatory framework that is more business-friendly, which will be "freed from unnecessary bureaucracy," according to Michelle Donelan, the Secretary of State for Science, Innovation, and Technology, who had already paused the flagship data protection reform, saying the government wanted to rethink its approach and inviting businesses to "co-design" the legislation with her.

    The government now wants to keep the "best elements" of the European regulation, while dropping some limitations and reporting requirements for companies. This would result in more than €4.5 billion in savings over ten years.

    ICO Commissioner John Edwards said, "The bill will allow my office to continue to function as a trusted, fair and independent regulator. We look forward to continuing to work constructively with the government to monitor how these reforms are expressed in the bill as it moves through Parliament." 

    The bill would require companies to conduct processing registrations only when dealing with high-risk data, such as, for example, an individual's health data. It also clarifies that profiling is subject to the same rules as automated decision-making when a significant decision is made about an individual without significant human intervention. 

    With respect to international data flows, the bill will use existing transfer mechanisms if they already comply with current UK data laws. 

    At a roundtable discussion Wednesday afternoon, Joe Jones, director of research and analysis at IAPP, who has previously worked for the UK government in this area, said, "If you are compliant with the EU GDPR, you will be compliant with the UK." 

    That said, because the regime will only apply in the UK, UK companies doing business in Europe may well choose not to change their current approach to data protection - to ensure they are still compliant with the RGPD, which continues to apply throughout the EU.

    So, it's not entirely clear where the government is headed, but digital rights groups are concerned.

    Continue the conversation in the Yes We Trust community

    avatar Melissa Walehiane

    Melissa Walehiane

    Content writer at Didomi