Government reveals fresh replacement for GDPR will be a ‘bespoke, British’ system

Secretary of state for DCMS, Michelle Donelan, giving a speech at a podium whilst at the Conservative Party Conference 2022
Minister of state for DCMS, Michelle Donelan, giving a speech at a podium whilst at the Conservative Party Conference 2022

The government has made fresh comments confirming its plans to scrap GDPR and instead create a new system of data regulation for the UK based on "common sense".

The new regulation will be 'intensive', said the secretary of state for digital, culture, media and sport (DCMS) Michelle Donelan, who did not offer any specific details about how the regulation may take shape.

“Our plan will protect consumer privacy, and keep their data safe, whilst retaining our data adequacy, so that businesses can trade freely,” said Donelan, who formally announced the move at the Conservative Party Conference, currently taking place in Birmingham.

“Our new data protection plan will focus on growth, on common sense, on helping to prevent losses from cyber attacks and data breaches, while also protecting data privacy.”

Citing the abundance of 'red tape' as a primary goal for enacting the new regulation, Donelan quoted a DCMS survey in which 50% of polled businesses said that the General Data Protection Regulation (GDPR) had led to "excessive caution" amongst their workforce when handling data.

Donelan emphasised that the new system will be co-designed with businesses, and cited the example of countries that have achieved data adequacy without implementing GDPR, such as Israel, Japan, South Korea, Canada and New Zealand.

However, many familiar with GDPR and wider data regulation have already voiced their criticism of the idea, which is being billed as unnecessary.


Just enough data governance

Building program momentum and scale with agility


“I get really annoyed at this,” wrote former Conservative MEP Lord Kirkhope, in a tweet.

“The so-called “EU GDPR” was actually partly written by me and other UK MEPs and is understood and accepted Internationally. It’s [sic] “proportionality” provisions were my idea. Leave it alone!”

Chair of the Standards and Privileges Committee Chris Bryant MP also pointed out that new regulation could end up not only giving data protection officers even more work, but also costing businesses more.

“This is madness,” he tweeted in response to the announcement.

“UK companies will still have to abide by GDPR if they want any online business in the European Union (as other non-EU companies already do). So UK divergence will simply mean UK double costs.”

The government had announced plans earlier in 2022 to replace the UK’s implementation of the GDPR with the Data Reform Bill, which was intended to cut “red tape and pointless paperwork” and decrease the steps needed to use data in scientific research.

Progress on these plans was put on hold as prime minister Liz Truss built her own cabinet this summer. It appears this new legislation will take its place

The UK follows the regulatory framework of the Data Protection Act (DPA) 2018, which ensures that the UK retains data adequacy on the collection, processing, and storage of data and sets out the role of the Information Commissioner’s Office (ICO).

After January 2021, the UK also implemented its own regulations based on GDPR, known as the UK GDPR, to maintain adequacy whilst making some changes to the rights and obligations around processing personal data that are local to the UK.

The DPA 2018 works in tandem with, and occasionally provides exemptions for, the UK GDPR such as for law enforcement.

This is essential for UK businesses, as it ensures that sufficient data protection policies are enforced, whilst keeping the UK compliant with regulations that let companies continue to trade with and operate in the EU. Without EU-compliant data protection, UK firms could not collect or process EU data.

Rory Bathgate
Features and Multimedia Editor

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.

In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at or on LinkedIn.