London is doing its Brexit on data protection. Indeed, contrary to what was announced last year, under the leadership of the current Prime Minister Rishi Sunak, the UK will not replace the General Data Protection Regulation (GDPR) entirely.

The goal: to establish a new regulatory framework that is more business-friendly, which will be "freed from unnecessary bureaucracy," according to Michelle Donelan, the Secretary of State for Science, Innovation, and Technology, who had already paused the flagship data protection reform, saying the government wanted to rethink its approach and inviting businesses to "co-design" the legislation with her.

The government now wants to keep the "best elements" of the European regulation, while dropping some limitations and reporting requirements for companies. This would result in more than €4.5 billion in savings over ten years.

The bill would require companies to conduct processing registrations only when dealing with high-risk data, such as, for example, an individual's health data. It also clarifies that profiling is subject to the same rules as automated decision-making when a significant decision is made about an individual without significant human intervention. 

With respect to international data flows, the bill will use existing transfer mechanisms if they already comply with current UK data laws. 

That said, because the regime will only apply in the UK, UK companies doing business in Europe may well choose not to change their current approach to data protection - to ensure they are still compliant with the RGPD, which continues to apply throughout the EU.

So, it's not entirely clear where the government is headed, but digital rights groups are concerned.