4 minute read
UK Data Protection Laws 2024
The Data Protection and Digital Information Bill (DPDI) is the proposed new legal data protection law to replace the UK-GDPR.
The DPDI Bill aims to be less complicated than the UK-GDPR, clearer, more cost effective and have a business-friendly framework for organisations to demonstrate compliance with new data protection rules.
Post-Brexit GDPR

Background
1st January 2021 the UK formally left the European Union (EU) and became known as a third country.
This led to the creation of EU-GDPR and the UK’s Data Protection Act (2018) co-joined with UK-GDPR
The new UK-GDPR is identical to the EU-GDPR but is an independent UK legislation governed and enforced by the UK data protection agency Information Commissioner’s Office (ICO) and does not influence EU authorities.
Based on the same legal language as the EU-GDPR, it replaced EU and Union law context with UK and domestic law and has the same GDPR principles, rights, and obligations. However, there are implications for the rules on transfers of personal data between the UK and the European Economic Area (EEA).
The New Data Protection Bill
Introduced in the House of Commons 18 July 2022 (Bill 143) was intended to harness UK’s post-Brexit freedoms to create an independent data protection framework.
The Bill was paused in September 2022 for ministers to collaborate with business advisory groups and data experts in the redesign of UK data protection rules.
08 March 2023 the UK Government decided to propose a new version of UK-GDPR (Post Brexit) data law, using current high standards for data protection and privacy, and move away from the ‘one-size-fits-all’ European Union’s GDPR model.
Formally known as The Data Reform Bill, The DPDI Bill aims to reduce the number of repetitive data collection cookie pops-ups online, remove barriers to international trade, and lower costs and responsibilities for British businesses and charities.
The new Bill proposes to:
- Be less complicated, clearer, and have a more business-friendly framework.
- Cut down on needless paperwork, organisations need to demonstrate compliance.
- Take the best bits of current UK-GDPR to give businesses more flexibility in the way they comply with data laws.
- Give organisations greater confidence about when they can process personal data without consent.
- Maintain data adequacy with the EU, and wider international confidence in the UK’s comprehensive data protection standards.
- Support more international trade without creating extra costs for businesses if they’re already compliant with current data regulation.
- Support more international trade for businesses if they’re already compliant with current data regulation so they don’t incur extra unnecessary costs
- Increase public and business confidence in Artificial Intelligence (AI) technologies. Currently you “normally” need to tell individuals what information you hold about them and how it is being used when using AI to process someone’s personal data.
Will DPDI be easier than GDPR?

Find out how the DPDI compares with the current UK-GDPR.
