GDPR was an EU law that brought privacy and data protection into the spotlight, and many consumers are savvy enough to understand the core concepts.

The UK government, who previously 'copy-pasted' it into law, now fancy having a stab at solving data privacy all by themselves. Kill off GDPR and bring in, what I'm guessing will be a much watered-down version of it. 

Top of the list of plans is to allow data transfers to a certain list of countries. This means big exports of personal data can happen to the US, which has laxer data laws. Columbia is also on this list - an odd choice since only 65% of Columbians have access to the internet.

There's going to be a new Information Commissioner, in the form of New Zealand's Privacy Commissioner, the famously anti-Facebook John Edwards. It's expected he will want to clamp down on big-techs use of data - although not sure how that'll go down with the US.

The drivel from the Digital Secretary (who knew we had one!) Oliver Dowden reads:

"Now that we have left the EU I’m determined to seize the opportunity by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK. It means reforming our own data laws so that they’re based on common sense, not box-ticking."

I always get a little worried when politicians say they're doing something because it's common sense. Because more often than not, they tend not to have any!

The government believes it can unlock more trade by relaxing data laws. To the tune of £11bn - about the same as we spent on the NHS Test and Trace.

What does this mean for businesses?

We don't know yet.

The UK government has published a press release, but there's no more information as yet.

Probably that the high standards of GDPR will be relaxed a little.

Some businesses will want to stick by a higher standard as consumers will probably not like data laws getting looser.

Other businesses may choose to relax their marketing and wonder now whether a bit of spam won't hurt.

What does this mean for consumers?

Nothing good.

"Unlocking £11bn in trade" translates to selling medical information overseas, lower penalties for illegal marketing practices and sloppy data transfers that could end up in the hands of scammers.

It'll be interesting to see consumer reaction on this. Yes, if private businesses can use NHS data to make better drugs and faster treatments that'd be great.

But private businesses are about looking after one thing: Shareholders.

What does this mean for the rest of the world?

Not much. The British Empire is significantly smaller than its peak and doesn't enjoy the same level of influence it used to.

Worse case, it might inspire other countries to lower their standards.

Best case, it could bring about a united front on data protection.

Many countries don't have any or even weak laws, and spamming is perfectly legit. Getting all the countries together to hammer out a united agreement might actually make everything smoother and more efficient. But at what cost to the consumer?

In summary

GDPR works fine, for the most part.

Yes, it could be improved.
Yes, data transfers could be simpler.
Yes, it sounds fun to write our own law.

But now that everyone's using GDPR, it kind of makes sense to stick with it and amend it, improve it. Not burn it and start all over again.

Personally, I can't see the positives. A huge upheaval of change on data protection is the last thing small businesses need.

I still have nightmares from when GDPR came in, all those emails!