Data protection regime changes

This article was co-authored by Edward Le Gassick, Trainee Solicitor, London.

This article was originally published in the July 2023 edition of stronger, the ALARM journal. ALARM is a not-for-profit professional membership association that has supported risk and insurance professionals for over 30 years. They provide members with outstanding support to achieve professional excellence, including education, training, guidance, networking, engagement, and industry recognition for best practice across risk management and related services. For more information, visit and follow @ALARMrisk on Twitter and LinkedIn.

After almost eight months of political wrangling, a revised draft of the Data Protection and Digital Information (No. 2) Bill (the Bill) was re-introduced to Parliament on 8 March 2023.

The Bill will reform the existing data protection regime following Brexit, namely the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA). The Bill is not expected to receive Royal Assent until 2024 and the implementation process will take some time. The Bill’s main aims are to simplify data protection rules for businesses and organisations and ensure that data can be used to empower citizens.

In this article, we delve into what will change under the legislation and how can councils prepare for the new data regime.

Related content