If enacted, this new UK data law could result in significant financial losses for UK companies, including lost sales contacts and increased compliance costs due to the need to adhere to two separate regulatory frameworks.
Proposed data regulations in the UK, currently awaiting approval from Parliament, may fall short of Europe’s GDPR standards.
If enacted, this new UK data law could result in significant financial losses for UK companies, including lost sales contacts and increased compliance costs due to the need to adhere to two separate regulatory frameworks.
A report by the New Economics Foundation estimates that compliance costs alone could reach £1.6 billion for British businesses. Originally intended to replace the Data Protection Act of 2018, which implemented the EU’s GDPR in post-Brexit Britain, the UK Data Protection and Digital Information Bill aims to achieve £4.7 billion in savings over the next ten years while being more accessible and easier to comply with, as stated by
David Jinks, head of consumer research at ParcelHero, an e-commerce delivery expert, said:
“The Government claims that the UK’s proposed, so-called “common sense” version of the EU’s GDPR regulations will save the economy £4.7bn over ten years. However, if the EU decides that Britain’s new data protection rules diverge so far from its own that they are no longer adequate, it’s likely that British businesses would lose billions instead.”
According to a report by the Office for National Statistics, UK’s digitally delivered services accounted for more than 73% of all services exported to the EU in 2020. The total value of these services, including digital consulting (£18bn) and digital telecoms and information services (£10bn), amounted to £21bn.
“Should the UK’s data protection regulations no longer be deemed adequate by the EU, the cost of losing access to the EU services market is almost unthinkable,” Jinks added. In other words, if the full range of GDPR standards are not adhered to, companies based in Europe would be unable to continue sharing data, thus undermining UK firms’ ability to get into desired markets.
Whether or not the new bill satisfies EU requirements is not solely the decision of the British government. The ICO says that the EU Commission can alter, suspend or overturn decisions should UK data protection law not cover all bases.
“If the European Commission makes any negative decision regarding the adequacy of the UK’s reformed standards, the flow of personal data between the two jurisdictions is like to face obstructions, which would be especially costly for businesses to overcome,” the ICO said.
The new Economics Foundation report said:
“This extra cost stems from the additional compliance obligations – such as setting up standard contractual clauses (SCCs) – on companies that want to continue transferring data from the EU to the UK. We believe our modelling is a relatively conservative estimate as it is underpinned by moderate assumptions about the firm-level cost and number of companies affected.”
PrivSec Focus: GDPR Five Years On will celebrate and critique the EU’s best-known regulation, bringing industry leaders and subject matter experts together to explore what we’ve learned about data protection since May 2018.
On 25th May 2023, this free-to-attend live-stream event will stimulate lively debate and provide actionable insights into improving your GDPR compliance program.
No comments yet