Government unveils new data protection proposals to 'clampdown on red tape' for small businesses

Cutting compliance requirements for small businesses are among the proposals in a new overhaul of the UK's data rules.

Publishing its response to a consultation, the government said it will "strengthen the UK's high data protection standards while reducing burdens on businesses".

UK data privacy rules are currently underpinned by General Data Protection Regulation (GDPR) which was introduced by the European Union in 2018. However, the government says GDPR is "highly complex" and gives organisations "little flexibility about how they manage data risks".

To tackle this, the proposals, which are part of the Data Reform Bill first announced in the Queen's Speech, will remove the need for small businesses to appoint a data protection officer and "undertake lengthy impact assessments".

Companies will still be required to have a privacy management programme to ensure they are accountable for how they process personal data.

According to the Department for Digital, Culture, Media and Sport, the reforms represent "a clampdown on bureaucracy, red tape and pointless paperwork" that will save businesses a collective £1bn over 10 years.

Digital secretary Nadine Dorries said the announcement is "an important step in cementing post-Brexit Britain's position as a science and tech superpower".

She added:

"Our new Data Reform Bill will make it easier for businesses and researchers to unlock the power of data to grow the economy and improve society, but retains our global gold standard for data protection.

"Outside of the EU we can ensure people can control their personal data, while preventing businesses, researchers and civil society from being held back by a lack of clarity and cumbersome EU legislation."

Tackling nuisance calls and texts

The new Bill will also tackling nuisance calls and texts as well as other serious data breaches. Fines will increase from the current maximum of £500,000 to up to 4% of global turnover or £17.5m, whichever is greater.

In addition, Privacy and Electronic Communications Regulations (PECR) will be updated to cut down on 'user consent' pop-ups. A new opt-out model would be introduced to "heavily reduce the need for users to click through consent banners on every website they visit".