The Government has published its response to the consultation on the reform of the UK’s data protection laws. Even in the absence of a draft Parliamentary bill, the response gives a good indication of what the new UK data protection regime will look like.
Whilst a number of the changes to current data protection laws are not insignificant and will have an impact on both organisations and individual data subjects, the proposed new regime is much less of a departure from the current EU GDPR framework than some had anticipated.
It is worth noting that the proposed changes will only apply to the UK GDPR; organisations that operate across both a UK and EU footprint will need to comply with both the EU GDPR and UK GDPR as amended by the proposed Data Reform Bill. Given that the majority of the proposals that the Government intends to proceed with consist of a slight relaxation of the rules that currently apply under the EU GDPR framework, it is very likely that these multi-jurisdictional organisations will just continue to apply the higher EU “gold standard” across all jurisdictions for consistency.