Spot the difference: The DPDI (No 2) Bill starts its legislative journey

Rebecca Cousin, Lucie van Gils and Hilal Temel of Slaughter and May look into the proposed changes which do not mark a radical change from the 2022 Bill.

For businesses across the UK and beyond waiting to see what a UK GDPR 2.0 might look like, the journey towards revised data privacy laws in the UK has begun (again). The Data Protection and Digital Information (No. 2) Bill (2023 Bill) was introduced in the House of Commons on 8 March 2023. This is the second version of a set of proposals to reform the UK GDPR. The first version of the Bill (2022 Bill) was introduced to Parliament in July 2022, but was withdrawn after governmental changes.

As discussed in the Privacy Laws & Business article on the 2022 Bill(1), one of the aims of the reform is to make data protection compliance more straightforward in the UK and to promote innovation whilst maintaining high standards of data protection. Announcing the 2023 Bill, the Secretary of State, Michelle Donelan, said the “new common-sense-led UK version of the EU’s GDPR will reduce costs and burdens for British businesses and charities” and promises to “unlock £4.7 billion in savings for the UK economy over the next ten years”. Given that the changes put forward in the 2022 and 2023 Bills do not represent a complete overhaul of the UK’s data protection framework, and for some organisations may in fact end
up having limited practical impact, it remains to be seen whether Donelan will be proved right.

Continue Reading

UK Report subscribers, please login to access the full article


If you wish to subscribe, please see our subscription information.