The Department for Digital, Culture, Media & Sport (DCMS) recently launched a consultation on reform of UK data protection laws, with the twin objectives of strengthening public trust in the use of data, and helping to drive economic growth and innovation. The consultation builds on the Government's National Data Strategy, published last year which set out plans to build a world leading data economy that works for everyone. 'Unlocking the power of data' is also one of the Government's top 10 tech priorities, and the Government's recently published National AI Strategy also highlights the importance of this consultation and the role of data protection in wider AI governance.
The consultation is also part of a wider drive by the UK Government to change approach, now that we are no longer part of the EU and have more freedom over our direction of travel. Its recent approval of New Zealand's ex Privacy Commissioner, John Edwards, as the next Information Commissioner to follow Elizabeth Denham, and his pragmatic, no nonsense approach, is viewed by many as another important step towards reforming the strategic direction of UK data protection law and the ICO's enforcement of it.
We set out here the main changes to the existing data protection regime which have been put forward in the consultation. In summary, many businesses which have invested much time and resource in their GDPR compliance, will be relieved to know that the proposals in the consultation very much build on the existing UK GDPR, with suggestions for change where it is felt that this regime is not delivering as it should be, rather than proposing a whole sale change in direction. That said, the proposals do lean towards a more risk/outcomes based approach to data protection compared with the highly prescriptive nature of EU GDPR, and are expected by the Government to realise a net direct monetised benefit to the economy of £1.04 billion over a 10 year period.