The Age of Unrest / Headaches ahead for UK agencies with the proposed GDPR overhaul

Person using laptop computer for an online transaction holding a credit card
Photo by rupixen.com / Unsplash

Yesterday, the UK Government announced that it plans a post-Brexit overhaul of Britain's data privacy regulations, seeing a departure from the European GDPR rules on data privacy.

UK unveils post-Brexit global data plans to boost growth, increase trade and improve healthcare
The UK is today launching a package of measures to help it seize the opportunities of data to boost growth, trade and improve its public services

Oliver Dowden, the Secretary of State for Digital, Culture, Media and Sport (DCMS) tweeted the announcement, saying the move was intended to develop 'a world-leading data regime that will deliver for people across the UK.'

Ironically, it's highly likely it'll do the opposite.

The announcement plays well as a kind of anti-EU 'virtue signalling' to the British Conservative Party's core audience — it's latest rejection of perceived EU overreach. In reality, rather than deliver a simpler online experience for 'people across the UK', this revision could easily backfire. It may deliver no perceptible difference, as I will explain. Or it may in fact make digital life more complex not less, particularly for British businesses.

Since the end of the transition period from 1 January 2020, agencies in the UK of all types (not just digital agencies) have been able to rely on an EU 'data adequacy' status — it ensured that data flowing between the Europe and UK did not need any special handling for privacy purposes, making sure transactions were kept simple.

We previously warned about the importance to UK businesses of Britain having a data adequacy agreement with the EU, and the risks and consequences of it were not granted. Full data adequacy was granted in June, on the understanding that it could be rescinded if there was a ‘future divergence from our standards in the UK's privacy framework.’

And so, within hours of the UK Government's announcement, the EU responded saying that if Britain's changes to its data security laws threaten the digital privacy of EU citizens then it will sever its data-sharing agreement with the UK.

This is serious. Without an adequacy agreement there is no way under UK law for data to lawfully flow from the EU to the UK.

Moreover, at a point where businesses had hoped for the UK–EU trading relationship to be agreed and settling into a new normality, this action on the part of the British government in relation to the country's nearest and largest trading partner creates yet more change and uncertainty, and risks further trading chaos on a national economy that's already creaking and fragile.

Full item for subscribers

Subscribe for free to read the whole briefing


Get the intelligence briefings for the frontiers of the business world

Save hours, and get to the intelligence that matters.

Research, insights and briefings to help you develop strategy, make informed decisions and lead with confidence in a chaotic world.

Subscribe
Thanks for Subscribing