Donelan – who also heads the department responsible for gambling – announced plans to replace GDPR with a UK-specific set of rules at the ongoing Conservative Party conference in Birmingham, framing the reforms as part of the government’s wider move to slash regulation in the wake of the UK’s exit from the European Union.
“There remains a significant amount of red tape in our way, red tape that, as a newly independent nation free of EU bureaucracy, we can tailor to fit our country’s needs. One example of this is on data,” said Donelan.
The minister stated that the new data system would provide more flexibility for small businesses and help reduce the regulatory burden:
“No longer will our businesses be shackled by unnecessary red tape. At the moment, even though we have shortages of electricians and plumbers, GDPR ties them in knots with clunky bureaucracy. In its place, we will co-design with business a new system of data protection. We will look to those countries who achieve data adequacy without having GDPR, like Israel, Japan, South Korea, Canada and New Zealand.
“Our new data protection plan will focus on growth and common sense, helping to prevent losses from cyber-attacks and data breaches, while protecting data privacy. This will allow us to reduce the needless regulations and business-stifling elements, while taking the best bits from others around the world to form a truly bespoke, British system of data protection.
“It is time we seize this post-Brexit opportunity fully and unleash the full growth potential of British business. We can be the bridge across the Atlantic and operate as the world’s data hub,” she continued.
Implications for industry
With no detail on what the new rules would be, the effect on industry that a new data policy would have remains ambiguous. Charles Cohen, CEO of affordability solutions business Department of Trust, doubted that the imposition of affordability checks – expected to be part of the Gambling Act review – will be much affected, however.
“It’s unlikely that affordability checks for gambling will be much affected by any changes,” Cohen said.
He continued, arguing that financial data was always going to be something protected by data laws.
“Ultimately, the data which matters is information on your bank transactions and balances,” he said. “This stuff is privacy kryptonite. No one is going to allow it to be on general release without consent and accountability. I imagine a lot of people would revert to cash under the mattress if that happened.”
Meanwhile, a spokesman from the GB Gambling Commission said that efforts at implementing a single customer view remained ongoing, whatever the data protection standard.
“We will continue to work closely with the Information Commissioner’s Office (ICO) to ensure that a single-customer view solution is implemented in accordance with data protection law,” the spokesman said. “The Betting & Gaming Council (BGC) is currently working within the ICO’s regulatory sandbox to trial a SCV solution.”
Two sets of regulations
The response to the announcement has not been universally positive. Alison Williams, member of the UK Trade and Business Commission and global head of data at DunnHumby said in a statement on the Trade and Business Commission website that in effect the new rules would increase, rather than decrease the administrative burden for business. As most businesses already need to be compliant with EU GDPR, she said it would lead to two sets of rules instead of one.
“Despite the spin, scrapping GDPR would, in practice, double the administrative headache for the hundreds of thousands of British businesses who trade with or operate within the EU. They would be burdened with the overhead of two unique sets of regulations.
“Instead of making up policy on the hoof, ministers must recognise that smooth, barrier-free data sharing with the EU is essential to ensuring British businesses can trade and operate and commit that they will not pursue such an unnecessary and disastrous course of action.”