Marketing trade bodies raise concern over ‘daunting’ GDPR replacement plan

The government’s plan to replace GDPR with an entirely new data privacy regime could create more problems for brands than solutions, the marketing industry warns.

Britain’s plan to replace the European Union’s General Data Protection Regulation (GDPR) with a new and “truly bespoke” data privacy regime will free businesses from a “regulatory minefield”, claims the new digital, culture, media and sport (DCMS) secretary Michelle Donelan.

However, marketing organisations and industry experts are concerned about what diverging from the EU’s system could mean for brands and businesses, and are calling for the government to provide more certainty.

The Institute of Practitioners in Advertising (IPA)’s director of legal and public affairs, Richard Lindsay, tells Marketing Week the announcement comes “as a surprise”, given the work done by the previous government on the Data Protection and Digital Information Bill.

First announced by former DCMS secretary Oliver Dowden in September last year, the bill included reforms to GDPR which would change the consent requirement for cookies, extend the “soft opt-in” for marketing material to more organisations, and tighten rules around cold callers.UK government to replace GDPR with ‘truly bespoke’ data privacy regime

The Data and Marketing Association’s CEO Chris Combemale says the organisation supports the Data Protection and Digital Information Bill put forward by the previous government, stating that it “provides a strong starting point for reform”.

However, before reaching its second reading in Parliament, the bill was put on hold when Liz Truss took over as Conservative party leader and prime minister last month. Donelan’s speech this week suggests the new government will look to significantly alter the proposals made.

A simpler system?

While few brands would oppose the government’s stated ambition to reduce “red tape” and simplify privacy regulations, introducing a new data protection regime that differs significantly from the EU’s GDPR could raise a number of new challenges and difficulties for international businesses.

“Despite the UK government’s emphasis on making things simpler for businesses, the more regulations diverge from the EU and other geographies, the more costly and difficult it becomes for global brands to rationalise their approach across borders,” says Gartner’s research vice president and distinguished analyst Andrew Frank.

The IPA’s Lindsay echoes these sentiments. While the government’s commitment to goals like lack of business disruption, safeguarding data and data adequacy with the EU is reassuring, “quite how they can each be achieved with the introduction of the more radical changes implied by the minister’s speech remains to be seen,” he says.

Any improvements to the UK GDPR need to be evidence backed and not driven purely for the sake of seeking divergence.

Konrad Shek, Advertising Association

Maintaining data adequacy with the EU has been of considerable concern to marketers since the government announced its intention to reform data laws last year. Data adequacy is a status given by the EU to non-members deemed to have an adequate data protection regime, which then allows information to pass freely between countries.

“The EU remains our largest market and to that end, maintaining data adequacy is paramount to the advertising and marketing industry,” says the Advertising Association (AA)’s director of policy research Konrad Shek.

“Hence, any improvements to the UK GDPR need to be evidence backed and not driven purely for the sake of seeking divergence.”

In her speech at the Conservative Party conference earlier this week, Donelan made claims that GDPR is “limiting the potential of businesses”. She cited a working paper written by researchers at Oxford University, which estimated that firms exposed to the regulations experienced an 8% decline in profits – though the paper itself advises caution in interpreting its findings at this stage.

However, the AA’s Shek says changes now could well end up creating “additional cost” for businesses, due to “the need to maintain compliance with parallel data protection regimes”.

The IPA’s Lindsay adds: “Whether you like the GDPR or not, we have had several years to get to grips with it and businesses have spent considerable sums of money and invested a lot of time and effort in doing so.”

Moving forward the government has an unenviable task ahead of it, Gartner’s Frank says.

“The stakes are high and the depth of understanding needed to reconcile inconsistent privacy laws and emerging technologies with business goals and consumer interests is truly daunting,” he concludes.