Matt Hancock grilled by Naga Munchetty on ‘GDPR nightmare’
The General Data Protection Regulation (GDPR) implemented in 2016 governs data protection and privacy in the bloc, as well as the European Economic Area (EEA). Despite Brexit, the rules are retained in UK law, and are referred to as GPDR UK – although speaking in March, Oliver Dowden, then-Secretary of State for Digital, Culture, Media and Sport, said the Government was exploring ways of diverging from Brussels.
While this might make sense from an EU perspective it really doesn’t work for the UK
GPDR is intended to offer individuals enhanced control over their personal data, as well as simplifying the rules for international business – but critics claim it makes life more complicated for UK companies.
Andrew Oury, a chartered accountant, chartered tax adviser and a partner at London-based Oury Clark, told Express.co.uk: “GDPR was set up with incredibly punitive fines: the greater of four percent of turnover or €20million.
“It would appear the strategy was to set fines at a level to terrify everyone into compliance.”
He stressed: “While this might make sense from an EU perspective it really doesn’t work for the UK.
“We tend to operate under the belief that fines should be relative to the scale of the issue.
Boris Johnson is being hampered by alignment with the EU’s data rules, said Mr Oury
Oliver Dowden, the former Culture Secretary
“While personal data is sensitive, it has always been an incredibly unfair set of rules for small businesses.”
Some firms could not possibly have the necessary processes, staff or ability to comply adequately with the rules set down in the current legislation, and certainly not to pay onerous fines.
He said: “They can’t even afford professional advice or find time to understand it, begging the question, what is the point?”
Mr Oury said: “The system needs to be more pragmatic in its nature.
“Should there not be a simpler, lighter version for all but the big boys?
JUST IN: Brexit LIVE – Angers as UK ‘frozen out’ of £80bn project
Ursula von der Leyen, President of the European Commission
“Or should it not just apply to the big boys first, and then work out something for the rest.
“This is particularly an issue for the UK, which has three times the number of small businesses than Germany for instance.”
It would make sense to limit the ability of companies to track people fully, unless they consented by default, Mr Oury suggested.
He added: “If we aren’t going to reap a single Brexit dividend then we are even more bonkers than the endless pop ups.
Mass grave uncovered that remained Nazi secret since Holocaust [REVEAL]
Boris Johnson facing humiliating climate rebellion from Tory MPs [INSIGHT]
World’s first pig to human kidney transplant ‘worked immediately’ [REPORT]
Boris Johnson has made much of his Global Britain vision
There are concerns about the misuse of data provided by individuals
“We chose to not be aligned, so let’s at least unalign where we think they have got it wrong. And GDPR, although a good principle, is badly executed.
“Divesting from GDPR will cut costs, and make us a more efficient, more pragmatic country, attracting more business and fundamentally making the rules actually work better at an individual and company level.”
Mr Oury emphasised GDPR was “in principle a noble cause”, ie that of “protecting the individual from having their data unfairly used, or held without their consent.
However, he warned: “Whilst being an important first step, in practice it’s frankly a bit of a nightmare for all involved.”
EU trade landscape after Brexit
Mr Oury explained: “From the company’s point of view, the information requests have generally come from disgruntled people using it as a weapon to harm the company.”
Companies were therefore required to respond very rapidly with huge quantities of “generally meaningless data”, he pointed out.
He added: “We have seen clients get requests from former employees for instance to produce every email that a person’s name is ever on.
“Meanwhile every word in these emails must be redacted since it’s confidential now that the requestee is an ex-employee.
GPDR rules can result in hefty fines for companies deemed to misuse data
“This serves no-one but the employee’s short term selfishness – and is merely a way to attack companies and tie them up in red tape.”
Nor, in practice, were the rules beneficial for the individual, he claimed.
He said: “Now, you are forced to make a choice: accept all cookies, or go through seemingly endless and confusing choices that may well result in not being able to view the website.
“People simply do not have the time or interest, so 99.9 percent of them click ‘accept all’. You have now agreed to goodness knows what terms over your data, they can track you forever, and now that the company is able to do whatever it wants with your data.”