Last month, the UK government unveiled the details of the new Data Reform Bill, which will abolish parts of the GDPR that have been a mainstay of EU regulation since 2018. As outlined in the Queen’s Speech, this bill is by no means the first milestone change stemming from the UK’s post-Brexit national strategy, however one should not overlook the potential impacts this revision may have on the strength of our digital trust. Will this divorce be a beneficial outcome of the country’s newfound sovereignty or merely serve as a gratuitous expression of Brexit.
Benefits
Perhaps the most obvious advantage to the loosening of rules is the enhanced capacity for growth. In this case, less onerous rules on how personal data can be processed may open up new avenues for businesses to harness data whilst minimising the risks associated with its management. By doing so, it is believed that a more dynamic and innovative approach to data governance will be achieved for UK businesses, spurring new opportunities.
Current EU legislation has proven cumbersome for many organizations and often lacking in clarity. In a recent LinkedIn survey BSI ran for its Digital Trust audience, it found that 36% of people believe this bill will serve to drive efficiencies and remove unnecessary obstacles in data usage. It is believed that abolishing arduous and compulsory data protection assessments, as well as the need to employ specialists to oversee this process, will achieve these efficiency gains. The burden that was especially felt by SMEs will now be a thing of the past (or at least significantly reduced) as previously institutionalised additions to multiple contracts and consent forms will become streamlined.
Furthermore, irrespective of the removal of GDPR, it has been noted by the Department for Digital, Culture, Media and Sport that the UK retains high standards for data protection that are among the best in the world. Consequently, 12% of BSI’s LinkedIn respondents believe their lives will not be affected by the new bill since the UK has had stringent data protection regulations in effect prior to the introduction of the GDPR in 2018.
Risks
It would be remiss to ignore the potential risks of these reforms however. Whilst onerous at times, the protocols set by the GDPR were created to provide both the protection of, and critical assurances to, consumers with regards to the handling of their personal data. Our LinkedIn poll revealed that 31% of respondents felt their data would be less secure under the new regulations – a significant portion of those surveyed, whose concerns cannot be taken lightly.
There is also the added fear that by removing key GDPR protocols, the UK will no longer fulfil the data protection requirements needed to maintain the EU’s adequacy decision. So whilst the data reform bill promises to alleviate some of the more finicky protocols associated with the GDPR, one must consider the subsequent cost to both consumer confidence and the risk of UK businesses being locked out of the EU’s sizeable data market should adequacy status be revoked.
It is also entirely possible that given how UK organizations have now experienced four years of adaptation to the GDPR regime, they decide to stick with the regulation’s demands. UK businesses have done the hard work of complying to GDPR processes and may take the view that the enhanced digital trust and security brought about by the regulation is worth the effort and that further changes to data processing and management would only create unnecessary risks.
The future of data protection
What the future holds for data protection in this country remains unclear. The reforms have the potential to make it far easier for consumers to interact with businesses and for SMEs to operate unencumbered by seemingly stringent protocols. On the other side of the coin, personal data could become far less secure and continental procedures more difficult to navigate. It is a balancing act between boosting innovation and ensuring greater protection for consumers and businesses themselves.
Whilst time will tell whether the data reform bill will herald more benefits or risks, it is crucial that in the meantime businesses do not let up on their digital trust. It cannot be stressed enough that robust, internal processes to guarantee digital trust are critical to business resilience and success, whatever changes the future may hold.