What the UK’s Data Privacy Bill Means For You


Written by: Andrew Steioff

Reviewed by: Brock Wackerle
Updated: March 24, 2023


We like to think of data regulations as firm and unyielding, but let’s be honest: stuff changes all the time. Regulations shift, and businesses like yours have to pivot accordingly, sometimes on a dime.

Coming hot off the press is legislation from the UK that signals significant changes to data privacy law. Everyone’s favorite data privacy framework, the General Data Protection Regulation (GDPR), is undergoing alterations in the UK that could change how other countries handle data security and compliance.

What the UK’s Data Protection and Digital Information Bill Means For You

Before you think, “Oh no, not again,” let’s be clear: this legislation aims to simplify GDPR compliance. It could actually make your life easier, so let’s take a closer look at the Data Protection and Digital Information Bill.

Surprisingly, the UK is loosening its General Data Protection Regulation (GDPR) requirements, which have been the law of the land since 2018. The move was motivated mainly by complaints from businesses, which argue that GDPR stifles their ability to be competitive. 

After “Brexit,” the UK is free to make up its own rules independently of the EU. These changes aim to “adequately” protect consumers without being too dogmatic. Although the bill isn’t finalized, the Data Protection and Digital Information Bill will likely affect businesses in three ways.

1. UK GDPR requires fewer to-dos

The real purpose of data privacy is to protect consumers from having their personal information mishandled, not to arbitrarily tick boxes for fun. The UK government argues that GDPR creates more problems than it solves, especially with irksome “This site uses cookies” banners that pepper the internet. 

The Data Protection and Digital Information Bill aims to reduce the red tape and make it easier to comply with GDPR. The bill isn’t finalized yet, but it details several changes to GDPR, including: 

  • Increasing fines for spam calls and texts. 
  • Removing the requirement to hire a Data Protection Officer. (You’re still required to have a privacy management program, though.)
  • Removing the requirement for data protection impact assessments.
  • Reducing the number of “This site uses cookies” banners that we’re all sick of now.
  • Making it easier to use personal data, particularly for research purposes. (This way, you don’t have to request consumers’ permission each time you use the data.)


2. The UK is diverging from the EU on data privacy

The Data Protection and Digital Information Bill might sound like a breath of fresh air to brands, but the EU isn’t thrilled about the UK’s proposed changes. This bill makes the UK’s version of GDPR diverge from the European data privacy regulation and could potentially threaten the “adequacy” deal in place to allow for the free flow of personal data. In the eyes of the EU, these changes could count as deregulation, which means that they could stop treating the UK’s requirements as a GDPR equivalent. 

In practice, your business will probably still need to comply with the EU’s version of GDPR, which is stricter. Even if you’re excited about the UK’s loosening restrictions, it doesn’t mean it will apply everywhere. This might signal a shift towards less rigid data privacy protection, but it’s still better to follow the most stringent standards so you don’t make an expensive misstep.

3. The UK is going to regulate AI

One of the reasons why the UK is making it simpler to access consumer data is to enable AI to do a better job. After all, requiring human permission would significantly slow down an AI, so simplifying permissions could lead to a renaissance in European AI. 

But don’t worry, Skynet isn’t going to take over in the UK. Legislators are proposing a sister bill to the Data Protection and Digital Information Bill to govern artificial intelligence and machine learning. The sister bill is still in the drafting stage, but it could be designed to set more straightforward guidelines on what is and isn’t OK for AI in the UK. The bill touches on several principles, including:

  • Legal responsibility
  • How to complain about the misuse of AI
  • Safety and security
  • AI fairness

Automatically comply with the Data Protection and Digital Information Bill 

The Data Protection and Digital Information Bill isn’t the law of the land just yet, but it promises to make sweeping changes to GDPR if it passes. Even something as sturdy as GDPR will change as politics and technology change — and that’s why your business has to prepare for just about everything. 

These changes (and the potential inconsistencies they’ll cause) are enough to keep you up at night. That’s why a solid governance, risk, and compliance management platform is such a necessity. LogicGate’s Risk Cloud® platform helps you maintain data privacy, stay compliant, and track changing regulations. Let us worry about the fine print and legalities while you focus on the core of your business. Get a quick demo now to see Risk Cloud in action.
