The Secretary of State for Digital Culture, Media and Sport confirmed at the Conservative Party Conference her intention to scrap the GDPR laws and introduce it with new UK regulations. It is a move that will, says law firm Collyer Bristow, add further red tape and regulation for UK businesses that trade across the EU and EEA.
Raj Shah, a Senior Associate at Collyer Bristow, explains.
“While some businesses may welcome the Culture Secretary’s aim to remove what she describes as ‘lots of unnecessary red tape’ in respect of data protection laws, repealing the GDPR to replace it with new legislation generally appears counterproductive.
“Firstly, the GDPR will continue to apply directly to any business selling to customers in the European Economic Area. Introducing new domestic privacy laws that diverge from this will double the compliance workload for those businesses rather than reduce it.
“Secondly, there is a real risk that these plans, if implemented, could invalidate the UK’s ‘adequacy’ decision by the EU agreed as part of the Brexit deal. If that were to happen, transferring personal data between the UK and any EEA country would require reams of additional documentation and higher administration costs.
“Thirdly, the GDPR has only been in force for four years. Overhauling this regime at this stage may not be particularly welcome when businesses have only just invested time and effort into achieving compliance.”