The General Data Protection Regulation (GDPR) is a law that regulates how companies, organisations and other entities handle personal data. The GDPR became directly applicable in all European Union member states from 25th May 2018, and it requires everyone who deals with the data of an EU citizen to abide by its rules and regulations.
Since 31st December 2020, the retained EU law version of the GDPR applies in the UK, together with the Data Protection Act 2018 (UK GDPR) which was introduced at the same time as the EU GDPR to ensure that the UK and EU regimes were aligned post-Brexit. However, the EU GDPR key principles, rights and obligations remain the same in the UK.
UK businesses found the process of implementing the new GDPR principles a challenge, for example, clarifying how to apply the principles into businesses daily operations whilst also ensuring the complete exclusion of any violations.
Although many businesses overcame difficulties implementing GDPR, last week it was announced that the UK government is planning to replace GDPR with a new "business and consumer-friendly” UK data protection system.
The digital and culture secretary, Michelle Donelan, announced that the new proposed system would remove EU-enforced “red tape” as she believes that the current rules are holding back UK businesses. Donelan advised: “The proposed new system will be simpler and clearer for businesses to navigate”.
However, there is a cause for concern as GDPR will continue to apply directly to any business selling to customers in Europe, meaning double the compliance workload for those businesses rather than making it “simpler and clearer”.
For further information about how this could affect your business, please contact email@example.com.