The government’s push to create new data protection regulations for the UK will leave businesses having to comply with multiple regimes, says corporate lawyers RWG Goodman.
Secretary for State for Digital Michelle Donelan this week confirmed the Government’s commitment to replacing the GDPR regulations with its own ‘GBGDPR regulations’. An initial set of proposals were announced in a consultation published earlier this summer but have been put on hold whilst the Government revisits them to find “our own business and consumer friendly British data protection system”.
Whilst a lot of businesses like the idea of simpler regulations, any amendments to the UK’s data protection system are only likely to create additional regulatory burdens for businesses that trade across the EU, says Carl Selby, head of the Tech Sector at RWK Goodman.
“If the UK Government changes the data protection system in the UK, any business trading in the EU or the EEA or has plans to do so – and indeed any UK business that has European customers – will still need to comply with EU data protection regulations. Many will simply continue to adopt policies and processes that comply with EU regulations.
“There is a very real risk, however, that if any new UK data protection regulations deviate too far from EU GDPR, the EU will revoke the UK’s adequacy decision. This will mean data cannot be transferred between the UK and the EU without first putting in place adequate safeguards for international data transfers, most likely additional agreements between the organisations where data is being transferred, creating barriers to free data flow to and from the EU.
“Additional red tape will be created which goes counter to the Government’s aims in introducing a new data protection regime.”